# vim: ft=yaml.ansible
---
- name: Set hostname
  hostname:
    name: "{{ hostname }}"

- name: Set timezone
  timezone:
    name: "{{ timezone }}"

- name: Upgrade system packages
  apt:
    update_cache: true
    upgrade: full

- name: Install packages via apt
  apt:
    name: "{{ pkgs }}"
    state: present
  vars:
    pkgs:
      - apparmor
      - curl
      - git
      - haveged
      - needrestart
      - python3-pip
      - ufw
      - unattended-upgrades

- name: Check if a reboot is needed
  stat:
    path: /var/run/reboot-required
  register: needs_reboot
  tags:
    - reboot

- name: Reboot host
  reboot:
    connect_timeout: 120
  when: needs_reboot.stat.exists or
        (force_reboot is defined and force_reboot)
  register: reboot
  tags:
    - reboot

- name: Re-gather facts
  setup:
    filter:
      - ansible_mounts
      - ansible_swaptotal_mb
  when: not reboot.skipped and reboot.rebooted

- name: Clone apt-update-push
  git:
    dest: "/home/{{ ansible_user }}/apt-update-push"
    repo: https://github.com/samsapti/apt-update-push.git
    clone: true
    update: true
    single_branch: true
    depth: 1
  become: false
  notify: Install apt-update-push