---

# we don't want to disrupt servers where this role is manually maintained!
# thus: warning and block statement

- name: full-stop if server role is manually maintained on this server
  debug: msg="server role skipped to not disrupt manual maintenance - set ansible_managed_server to True to enable ansible control"
  when: (not ansible_managed_server is defined) or (not ansible_managed_server)

- block:
  - name: ensure needed system users are present
    user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
    become: True

  - name: ensure all wanted ssh keys exclusively
    authorized_key: exclusive=True state=present user=admin
                key={{ mwu_s_admin_keys ~ ( h_v_add_auth_keys | default('') ) }}

  - name: ensure some basic packages
    apt:
      state: present
      name: "{{mwu_s_item}}"
      update_cache: yes
      cache_valid_time: 21600
    with_items:
      - software-properties-common
      - apt-transport-https
      - man-db
      - mosh
      - ntp
      - sudo
      - sysfsutils
      - vim
      - vnstat
      - vnstati
    loop_control:
      loop_var: mwu_s_item
    become: True

  - name: ensure vim is default editor
    alternatives: name=editor path=/usr/bin/vim.basic
    become: True

  - name: set timezone to Europe/Berlin
    timezone: name=Europe/Berlin
    become: True

  when: (ansible_managed_server is defined) and (ansible_managed_server)
# end block