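---
# Playbook for the host "attitude-adjuster": base packages, SSH/firewall
# hardening, Pi-hole (imported), ddclient and Homebridge.

- hosts: attitude-adjuster
  tasks:
    - name: install dependencies
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - git
        - vim
      become: true

# Security
#
# https://www.raspberrypi.org/documentation/configuration/security.md
- hosts: attitude-adjuster
  tasks:
    # NOTE(review): this turns off every password-based SSH login. Confirm a
    # working authorized key is in place for the connecting user before the
    # handler reloads sshd, or the host becomes unreachable over SSH.
    - name: disable ssh password logins
      lineinfile:
        path: /etc/ssh/sshd_config
        # Matches the directive whether it is active or commented out.
        regexp: '^(#\s*)?{{ item }} '
        line: "{{ item }} no"
        # Refuse to write a config that sshd itself rejects.
        validate: /usr/sbin/sshd -t -f %s
      notify: reload ssh
      with_items:
        - ChallengeResponseAuthentication
        - PasswordAuthentication
        - UsePAM
      become: true

    - name: disable pi user
      user:
        name: pi
        # Must be quoted: a bare `!` is YAML's tag indicator, so the value
        # loaded is not the literal string "!" (it typically loads as an
        # empty string, i.e. an empty password field instead of a locked
        # account).
        password: '!'
      become: true

    - name: install ufw and fail2ban
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - ufw
        - fail2ban
      become: true

    # All allow/limit rules are added before ufw is enabled further down, so
    # SSH is already permitted (rate limited) when the firewall comes up.
    - name: allow access to dns, http, and https
      ufw:
        rule: allow
        name: "{{ item }}"
      with_items:
        - DNS
        - WWW Full
      become: true

    - name: allow access to dhcp
      ufw:
        rule: allow
        proto: udp
        port: '67'
      become: true

    - name: limit ssh access
      ufw:
        rule: limit
        name: OpenSSH
      become: true

    - name: enable ufw
      ufw:
        state: enabled
      become: true

    - name: create jail.local
      copy:
        src: jail.local
        dest: /etc/fail2ban/
      notify: reload fail2ban
      become: true

  handlers:
    # Reloading a system service needs root. Without `become` these handlers
    # only work when the connection user is already root, unlike the tasks
    # that notify them.
    - name: reload ssh
      service:
        name: ssh
        state: reloaded
      become: true

    - name: reload fail2ban
      service:
        name: fail2ban
        state: reloaded
      become: true

- import_playbook: pihole.yml

# ddclient
- hosts: attitude-adjuster
  vars_files:
    # NOTE(review): presumably holds the dynamic-DNS credentials; keep it out
    # of version control or encrypt it (e.g. ansible-vault).
    - vars.yml.private
  tasks:
    - name: install ddclient
      package:
        name: ddclient
        state: present
      become: true

    - name: configure ddclient
      template:
        src: ddclient.conf
        dest: /etc/ddclient.conf
        # Absolute mode instead of the relative `go-r`: `go-r` only clears
        # the read bits and leaves any existing group/other write or execute
        # bits in place.
        mode: '0600'
      notify: restart ddclient
      become: true

    - name: enable ddclient
      service:
        name: ddclient
        enabled: true
      become: true

  handlers:
    - name: restart ddclient
      service:
        name: ddclient
        state: restarted
      become: true

# Homebridge
- hosts: attitude-adjuster
  tasks:
    - name: install npm
      package:
        name: npm
        state: present
      become: true

    # NOTE(review): installs whatever version the npm registry currently
    # serves, globally and as root. Consider pinning with the npm module's
    # `version` option so a changed upstream release is not pulled in
    # silently.
    - name: install homebridge
      npm:
        name: "{{ item }}"
        global: true
      with_items:
        - homebridge
        - homebridge-smartthings-tonesto7
      become: true

    # No `become` on the next two tasks: `~` is the connecting user's home.
    # NOTE(review): no mode is set, so the permissions of the directory and
    # of config.json follow the remote umask; restrict them if the config
    # holds secrets and the Homebridge service user can still read it.
    - name: create ~/.homebridge
      file:
        path: ~/.homebridge
        state: directory

    - name: copy homebridge config
      copy:
        src: config.json
        dest: ~/.homebridge/config.json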