---
- name: change ansible-user password
  ansible.builtin.user:
    name: ansible
    update_password: always
    password: "{{ ansibleuser|password_hash('sha512') }}"
- name: hide system-account
  ansible.builtin.lineinfile:
    path: /var/lib/AccountsService/users/ansible
    regex: 'SystemAccount=*'
    line: 'SystemAccount=true'
- name: remove apt-config-file derived from preseeding
  ansible.builtin.file:
    path: /etc/apt/apt.conf
    state: absent
- name: copy new apt-proxy config file to apt.conf.d-dir
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/01proxy
    content: |
      Acquire::http { Proxy "http://{{ aptproxy }}:3142"; };
      Acquire::https { Proxy "https://"; };
- name: prepare ubuntu-DNS for working in local network
  file:
    src: /run/systemd/resolve/resolv.conf
    dest: /etc/resolv.conf
    state: link
    force: yes
  when: ansible_facts['distribution'] == 'Ubuntu'
- name: Update and upgrade apt packages
  apt:
    update_cache: true
    upgrade: true
    autoremove: true
- name: install core-packages
  apt:
    pkg:
    - htop
#    - glances
    - inxi
    - bmon
    - vim
    - mtr-tiny
    - tmux
- name: configure apt-unattended-upgrades part one
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/10periodic
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
      APT::Periodic::Download-Upgradeable-Packages "1";
      APT::Periodic::AutocleanInterval "7";
#- name: configure apt-unattended-upgrades part two
#  ansible.builtin.lineinfile:
# Müssen wir noch an einem neuen Gerät nachvollziehen :-)
#- name: stop automatic remote printer installation
#  ansible.builtin.systemd:
#    name: cups-browsed
#    state: stopped
#- name: disable automatic remote printer installation
#  ansible.builtin.systemd:
#    name: cups-browsed
#    enabled: no
...