# vim: ft=yaml.ansible
---
- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Set /etc/resolv.conf symlink
  ansible.builtin.file:
    path: /etc/resolv.conf
    src: /run/systemd/resolve/resolv.conf
    owner: root
    force: true
    state: link

- name: Disable systemd-resolved stub resolver
  ansible.builtin.lineinfile:
    path: /etc/systemd/resolved.conf
    regexp: '^#?DNSStubListener='
    line: 'DNSStubListener=no'
    state: present
  notify: Restart systemd-resolved

- name: Upgrade system packages
  ansible.builtin.apt:
    update_cache: true
    upgrade: full

- name: Install packages via apt
  ansible.builtin.apt:
    name: "{{ pkgs }}"
    state: present
  vars:
    pkgs:
      - apparmor
      - curl
      - git
      - haveged
      - needrestart
      - python3-pip
      - ufw
      - unattended-upgrades

- name: Clone apt-update-push
  ansible.builtin.git:
    dest: /home/{{ ansible_user }}/apt-update-push
    repo: https://github.com/samsapti/apt-update-push.git
    clone: true
    update: true
    single_branch: true
    depth: 1
  become: false
  notify: apt-update-push

- name: Clone pi-fan-controller
  ansible.builtin.git:
    dest: /home/{{ ansible_user }}/pi-fan-controller
    repo: https://github.com/Howchoo/pi-fan-controller.git
    clone: true
    update: false
    single_branch: true
    depth: 1
  become: false
  notify: pi-fan-controller