# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Copy hosts file
  ansible.builtin.template:
    src: etc/hosts.j2
    dest: /etc/hosts
    owner: root
    mode: u=rw,g=r,o=r

- name: Disable systemd-resolved stub resolver
  when: hostname in groups['control_infra']
  block:
    - name: Set /etc/resolv.conf symlink
      ansible.builtin.file:
        path: /etc/resolv.conf
        src: /run/systemd/resolve/resolv.conf
        owner: root
        force: true
        state: link

    - name: Set DNSStubListener=no
      ansible.builtin.lineinfile:
        path: /etc/systemd/resolved.conf
        regexp: '^#?DNSStubListener='
        line: 'DNSStubListener=no'
        state: present
      notify: Restart systemd-resolved

- name: Enable Security SIG repositories
  ansible.builtin.dnf:
    name: rocky-release-security
    state: present

- name: Install system packages
  ansible.builtin.dnf:
    name:
      - haveged
      - firewalld
      - lkrg
    state: present

- name: Ensure services are enabled and running
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - haveged
    - firewalld
    - lkrg