# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Copy hosts file
  ansible.builtin.template:
    src: etc/hosts.j2
    dest: /etc/hosts
    owner: root
    mode: u=rw,g=r,o=r

- name: Disable systemd-resolved stub resolver
  when: hostname in groups['control_infra']
  block:
    - name: Set /etc/resolv.conf symlink
      ansible.builtin.file:
        path: /etc/resolv.conf
        src: /run/systemd/resolve/resolv.conf
        owner: root
        force: true
        state: link

    - name: Set DNSStubListener=no
      ansible.builtin.lineinfile:
        path: /etc/systemd/resolved.conf
        regexp: '^#?DNSStubListener='
        line: 'DNSStubListener=no'
        state: present
      notify: Restart systemd-resolved

- name: Install packages via apt
  ansible.builtin.apt:
    name: "{{ pkgs }}"
    state: present
  vars:
    pkgs:
      - apparmor
      - haveged
      - ufw