---
- name: change ansible-user password
  ansible.builtin.user:
    name: ansible
    update_password: always
    password: "{{ ansibleuser|password_hash('sha512') }}"
- name: hide system-account
  ansible.builtin.lineinfile:
    path: /var/lib/AccountsService/users/ansible
    regex: 'SystemAccount=*'
    line: 'SystemAccount=true'
- name: remove apt-config-file derived from preseeding
  ansible.builtin.file:
    path: /etc/apt/apt.conf
    state: absent
#- name: copy new apt-proxy config file to apt.conf.d-dir
#  ansible.builtin.copy:
#    dest: /etc/apt/apt.conf.d/01proxy
#    content: |
#      Acquire::http { Proxy "http://{{ aptproxy }}:3142"; };
#      Acquire::https { Proxy "https://"; };
#- name: prepare ubuntu-DNS for working in local network
#  file:
#    src: /run/systemd/resolve/resolv.conf
#    dest: /etc/resolv.conf
#    state: link
#    force: yes
#  when: ansible_facts['distribution'] == 'Ubuntu'
- name: Update and upgrade apt packages
  apt:
    update_cache: true
    upgrade: true
- name: Update and upgrade apt packages
  apt:
    autoremove: true
- name: install core-packages
  apt:
    pkg:
    - htop
    - glances
    - inxi
    - bmon
    - vim
    - mtr-tiny
    - tmux
    - ncdu
- name: configure apt-unattended-upgrades part one
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/10periodic
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
      APT::Periodic::Download-Upgradeable-Packages "1";
      APT::Periodic::AutocleanInterval "7";
#- name: configure apt-unattended-upgrades part two
#  ansible.builtin.lineinfile:
# Müssen wir noch an einem neuen Gerät nachvollziehen :-)
#- name: stop automatic remote printer installation
#  ansible.builtin.systemd:
#    name: cups-browsed
#    state: stopped
#- name: disable automatic remote printer installation
#  ansible.builtin.systemd:
#    name: cups-browsed
#    enabled: no
...