# vim: ft=yaml.ansible
---
- name: Set hostname
  hostname:
    name: "{{ hostname }}"

- name: Set timezone
  timezone:
    name: "{{ timezone }}"

- name: Upgrade system packages
  apt:
    update_cache: true
    upgrade: full

- name: Install packages via apt
  apt:
    name: "{{ pkgs }}"
    state: present
  vars:
    pkgs:
      - apparmor
      - curl
      - git
      - haveged
      - needrestart
      - python3-pip
      - ufw
      - unattended-upgrades

- name: Check if a reboot is needed
  stat:
    path: /var/run/reboot-required
  register: needs_reboot
  tags:
    - reboot

- name: Reboot host
  reboot:
    connect_timeout: 120
  when: needs_reboot.stat.exists or
        (force_reboot is defined and force_reboot)
  tags:
    - reboot