---
- name: set correct time zone
  timezone:
    name: Europe/Zurich

- name: correct AM/PM rocky 9 bug
  lineinfile:
    path: /etc/locale.conf
    insertafter: EOF
    line: LC_TIME=C
    
- name: secure stack ip part 1
  sysctl:
    name: net.ipv4.tcp_timestamps
    value: "0"
    sysctl_set: yes
    state: present
    reload: yes

- name: secure stack ip part 2
  firewalld:
    service: dhcpv6-client
    permanent: true
    state: disabled

- name: forward X11
  lineinfile:
    dest: /etc/ssh/sshd_config
    insertafter: '^#X11UseLocalhost yes'
    line: 'X11UseLocalhost no'

- name: unactivate CRTL-DEL
  file:
    src: /dev/null
    dest: /usr/lib/systemd/system/ctrl-alt-del.target
  changed_when: false

- name: bash gmo-cfg.sh
  copy:
    src: os/gmo-cfg.sh
    dest: /etc/profile.d/gmo-cfg.sh

- name: add ~/.local/bin in path
  lineinfile:
    path: /root/.bashrc
    line: export PATH=~/.local/bin:$PATH

- name: vimrc
  copy:
    src: os/vimrc
    dest: /root/.vimrc

- name: issue (gmetech)
  copy:
    src: os/gmetech
    dest: /etc/issue

- name: issue.net (gmetech)
  copy:
    src: os/gmetech.net
    dest: /etc/issue.net

- name: config sshd for banner
  lineinfile:
    dest: /etc/ssh/sshd_config
    insertafter: EOF
    line: 'Banner /etc/issue.net'

- name: put SELinux in permissive mode
  selinux:
    policy: targeted
    state: permissive

- name: create message in motd
  copy:
   content: "\n**************************************************\n*    !! This
server is managed by ANSIBLE !!     *\n* The config files must be changed in repos
itory *\n**************************************************\n\n"
   dest: /etc/motd