---
- name: Configure apt mirror
  template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
  when: ansible_architecture != 'armv7l'

- name: Add GPG key for Extras repo
  apt_key: id=0xC47415DFF48C09645B78609416126D3A3E5C1192 url=https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC47415DFF48C09645B78609416126D3A3E5C1192 state=present
  when: ansible_distribution_version | version_compare('14.04', '==')

- name: Upgrade base OS
  apt: upgrade=dist update_cache=yes

- name: Install base packages
  apt: pkg={{ item }}
  with_items:
    - git
    - tmux
    - iotop
    - htop
    - strace
    - s3cmd
    - cron-apt
    - safe-rm
    - debian-goodies
    - mosh
    - python-pycurl # for ansible's apt_repository
    - sysv-rc-conf
    - lzop
    - vim
    - lrzip
    - unzip

- name: Security hardening (CIS Benchmark 1.0)
  apt: pkg={{ item }} state=absent purge=yes
  with_items:
    - whoopsie # CIS 4.1
    - apport   # CIS 4.1

- name: Remove annoying packages
  apt: pkg={{ item }} state=absent purge=yes
  with_items:
    - command-not-found
    - command-not-found-data
    - python3-commandnotfound

- name: Configure cron-apt
  import_tasks: cron-apt.yml
  tags: cron-apt

- name: Install tarsnap
  import_tasks: tarsnap.yml

# vim: set sw=2 ts=2: