servers/roles/debian/tasks/main.yml

- name: Set hostname
  hostname:
    name: '{{ inventory_hostname }}'

- name: Set up resolv.conf
  template:
    dest: /etc/resolv.conf
    src: resolv.conf.j2
    mode: 0644

- name: Set up debian repositories
  template:
    dest: /etc/apt/sources.list
    src: sources.list.j2
    mode: 0644
  notify: update package cache
  when: debian_release is defined

- name: Install essential packages
  package:
    name:
      - git
      - ifupdown2
      - rsync
      - vim
      - tmux

- name: Add rules to rename network interfaces
  template:
    dest: /etc/udev/rules.d/10-network.rules
    src: 10-network.rules.j2
    mode: 0644
  notify: reboot

# we don’t want to template this file because it gets overwritten by proxmox
# so just try removing anything that messes with our definitions in interfaces.d
- name: Remove interface definitions added by installer
  lineinfile:
    path: /etc/network/interfaces
    regexp: '^iface [^ ]* inet'
    state: absent
  notify: reload interfaces

- name: Include interfaces.d definitions
  lineinfile:
    path: /etc/network/interfaces
    line: 'source /etc/network/interfaces.d/*'
  notify: reload interfaces

- name: Set up interfaces
  template:
    dest: /etc/network/interfaces.d/ansible.intf
    src: ansible.intf.j2
    mode: 0644
  notify: reload interfaces

- name: Disable SSH password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?{{ item.key }}'
    line: '{{ item.key }} {{ item.value }}'
  loop:
    - key: PasswordAuthentication
      value: 'no'
    - key: PermitRootLogin
      value: 'prohibit-password'
  notify: reload sshd

- name: Run SSH instance in management VRF
  when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
  block:
    - name: Configure SSH instance in management VRF
      copy:
        dest: /etc/ssh/
        src: sshd_config.mgmt
        mode: 0644
      notify: reboot

    - name: Set up a SSH instance in management VRF
      copy:
        dest: /etc/systemd/system/
        src: sshd@mgmt.service
        mode: 0644
      notify: reboot

    - name: Enable management SSH
      service:
        name: sshd@mgmt
        enabled: yes
      notify: reboot

- meta: flush_handlers