### -*-yaml-*-
###
### Tasks applicable for all hosts.

---

###--------------------------------------------------------------------------
### General permissions.

- name: fix permissions in /root
  tags: [perms, root-perms]
  file: name=/root mode=0750 owner=root group=root

###--------------------------------------------------------------------------
### PKI machinery.

- name: install PKI maintenance scripts
  tags: [pki]
  copy: src=pki/{{ item }} dest=/etc/cron.daily
  with_items:
    - update-ca-certs
    - check-x509-certs

###--------------------------------------------------------------------------
### NTP configuration.

- name: install NTP configuration files
  tags: [ntp, ntp-client]
  copy: src=ntp-client/ntp.conf dest=/etc
  when: server is not defined or 'ntp' not in server
  notify: restart ntpd

###--------------------------------------------------------------------------
### SSH configuration.

- name: install SSH configuration files
  tags: [ssh, ssh-config]
  copy: src=ssh-config/{{ item }} dest=/etc/ssh
  notify: restart ssh
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli

- name: install main keys for root SSH access
  tags: [ssh, ssh-root]
  template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base

- name: install keys for root SSH access
  tags: [ssh, ssh-root]
  copy: src=ssh-root/{{ item }} dest=/root/.ssh
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra

###----- That's all, folks --------------------------------------------------