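# Base host provisioning tasks: networking, hostname, package repositories,
# SSH hardening, nftables firewall, optional QEMU guest agent and weekly
# unattended upgrades. Handlers named in `notify` are defined outside this file.

- name: Set up network interfaces
  template:
    dest: /etc/network/interfaces
    src: interfaces.j2
  notify: restart networking

# Run the pending networking restart now, so the tasks below see the new
# interface configuration.
- meta: flush_handlers

- name: Set hostname
  hostname:
    name: '{{ dns_name }}'

- name: Configure hosts
  template:
    dest: /etc/hosts
    src: hosts.j2

# Uncomments the community repository line. With `backrefs`, lineinfile leaves
# the file unchanged when no commented-out line matches, so this is a no-op on
# hosts where the repository is already enabled.
- name: Enable community package repo
  lineinfile:
    path: /etc/apk/repositories
    regexp: '^# *(http.*/v[^/]*/community)'
    line: '\1'
    backrefs: true
  notify: update package cache

# Refresh the package index before installing anything from the new repo.
- meta: flush_handlers

- name: Install base packages
  package:
    name:
      - acl
      - git
      - iproute2
      - logrotate
      - nftables
      - procps
      - rsync
      - tmux
      - vim

# Password logins are turned off for every account; root can still log in, but
# only with key-based authentication (`prohibit-password`).
#
# NOTE(review): lineinfile rewrites only the LAST line matching the regexp,
# while sshd uses the FIRST value it reads for a keyword. If sshd_config (or a
# file pulled in through an Include directive) sets either keyword earlier, or
# the matched line sits inside a Match block, the hardening may not take
# effect. Confirm the result on a provisioned host with `sshd -T`.
# NOTE(review): consider `validate: 'sshd -t -f %s'` so a broken config is
# never written and reloaded; this assumes host keys already exist on the
# target when the task runs.
- name: Disable SSH password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?{{ item.key }}'
    line: '{{ item.key }} {{ item.value }}'
  loop:
    - key: PasswordAuthentication
      # Quoted so YAML passes the string "no" rather than the boolean false.
      value: 'no'
    - key: PermitRootLogin
      value: 'prohibit-password'
  notify: reload sshd

- name: Set up firewall
  template:
    dest: /etc/nftables.d/local.nft
    src: local.nft.j2
  notify: reload nftables

- name: Enable firewall
  service:
    name: nftables
    enabled: true
    state: started

# Apply the queued sshd and nftables reloads immediately rather than at the end
# of the play, so the hardened settings are live before the remaining tasks.
- meta: flush_handlers

- name: Enable QEMU guest agent
  when: is_virtual
  block:
    - name: Install QEMU guest agent package
      package:
        name: qemu-guest-agent

    - name: Enable QEMU guest agent service
      service:
        name: qemu-guest-agent
        enabled: true
        state: started

# File modes are quoted so they reach Ansible as strings and cannot be
# reinterpreted as a decimal integer by the YAML parser.
# NOTE(review): scripts under /etc/periodic are presumably executed by cron as
# root; confirm the copied file ends up root-owned, since no owner/group is
# set here and the copy inherits the connecting/become user.
- name: Install automatic upgrade script
  copy:
    dest: /etc/periodic/weekly/
    src: unattended-upgrade
    mode: '0755'

- name: Configure log rotation for automatic upgrades
  copy:
    dest: /etc/logrotate.d/unattended-upgrade
    src: unattended-upgrade.logrotate
    mode: '0644'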