# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Set /etc/resolv.conf symlink
  ansible.builtin.file:
    path: /etc/resolv.conf
    src: /run/systemd/resolve/resolv.conf
    owner: root
    force: true
    state: link

- name: Disable systemd-resolved stub resolver
  ansible.builtin.lineinfile:
    path: /etc/systemd/resolved.conf
    regexp: '^#?DNSStubListener='
    line: 'DNSStubListener=no'
    state: present
  notify: Restart systemd-resolved

- name: Upgrade system packages
  ansible.builtin.apt:
    update_cache: true
    upgrade: full

- name: Install packages via apt
  ansible.builtin.apt:
    name: "{{ pkgs }}"
    state: present
  vars:
    pkgs:
      - apparmor
      - curl
      - git
      - haveged
      - needrestart
      - python3-pip
      - ufw
      - unattended-upgrades