---
- name: remove apt-config-file derived from preseeding
  ansible.builtin.file:
    path: /etc/apt/apt.conf
    state: absent
  when: ("baremetal" in group_names)
- name: create apt-proxy config file
  ansible.builtin.template:
    src: fsit-smgt/templates/apt-proxy_01proxy.j2
    dest: /etc/apt/apt.conf.d/01proxy
  when: ("DMZ" not in group_names)
- name: remove apt-config-file only for aptproxy
  ansible.builtin.file:
    path: /etc/apt/apt.conf.d/01proxy
    state: absent
  when: ("aptproxy" in inventory_hostname)
- name: copy apt-unattended-upgrades config file
  ansible.builtin.copy:
    src: fsit-smgt/files/apt-unattended-upgrades_10periodic
    dest: /etc/apt/apt.conf.d/10periodic
- name: Update and upgrade apt packages
  ansible.builtin.apt:
    update_cache: yes
    upgrade: yes
    autoremove: true
- name: install core-packages
  ansible.builtin.apt:
#    update_cache: yes
    pkg:
    - sudo
    - gnupg
    - htop
    - ncdu
    - vim
    - tmux
    - gnupg2
- name: install core-packages for bare-metal-server
  ansible.builtin.apt:
    pkg:
    - inxi
  when: ("baremetal" in group_names)
- name: add ansible user to server
  ansible.builtin.user:
    name: ansible
    shell: /bin/bash
- name: allow "ansible"-user to have passwordless sudo
  ansible.builtin.copy:
    src: fsit-smgt/files/sudo_ansible
    dest: /etc/sudoers.d/ansible
    owner: root
    group: root
    mode: 0440
- name: add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
  ansible.builtin.authorized_key:
    user: ansible
    state: present
    manage_dir: yes
    key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
...