---
- name: Initializing bnewbold.the-nsa.org
  hosts: bnewbold.the-nsa.org
  remote_user: bnewbold
  sudo: True
  sudo_user: root
  gather_facts: True
  vars_files:
    - vars/vault.yml
    - vars/bnewbold_nsa.yml

  vars:
    - admin_email: "bnewbold@the-nsa.org"
    - main_user_name: bnewbold
    - hostname_fqdn: bnewbold.the-nsa.org

  roles:
    - debian_jessie
    - hostname
    - common
    - nullmailer
    - nginx

  tasks:
    - name: Create main user account
      user: name={{main_user_name}} state=present groups=sudo append=yes shell=/bin/bash
    - name: Give main user account sudo power
      template: src=roles/common/templates/sudoers.j2 dest=/etc/sudoers.d/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'
    - name: Install main user authorized SSH keys
      authorized_key: user="{{ main_user_name}}" key="{{ item }}"
      with_file:
        - pubkeys/bnewbold.pub
    - name: Install root user authorized SSH keys
      authorized_key: user=root key="{{ item }}"
      with_file:
        - pubkeys/bnewbold.pub
    - name: Extra packages for this host
      apt: name={{item}} state=installed
      with_items:
            - socat
            - rsyslog

  post_tasks:
    - name: Sanity check that we have IPv4 connectivity
      command: /bin/ping -c 2 mit.edu
    - name: Sanity check that we have IPv6 connectivity
      command: /bin/ping6 -c 2 mit.edu
    - name: Done
      shell: echo 'Done!'