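---
# Baseline tasks for Debian/apt hosts: apt configuration, a full package
# upgrade, core tooling, and the "ansible" management account (passwordless
# sudo plus SSH public-key login).

# The file removed here is, per the task name, a leftover from preseeding.
- name: Remove apt-config-file derived from preseeding
  ansible.builtin.file:
    path: /etc/apt/apt.conf
    state: absent
  when: ("baremetal" in group_names)

# Skipped on the apt proxy itself so the file is not created here and then
# deleted again by the next task on every run (keeps the play idempotent).
- name: Create apt-proxy config file
  ansible.builtin.template:
    src: apt-proxy_01proxy.j2
    dest: /etc/apt/apt.conf.d/01proxy
    # Explicit ownership and mode: apt configuration is read by root-run
    # package operations and should be writable by root only.
    owner: root
    group: root
    mode: "0644"
  when:
    - '"DMZ" not in group_names'
    - '"aptproxy" not in inventory_hostname'

# Substring match on the hostname: any host whose inventory name contains
# "aptproxy" is treated as the proxy and must not point at itself.
- name: Remove apt-config-file only for aptproxy
  ansible.builtin.file:
    path: /etc/apt/apt.conf.d/01proxy
    state: absent
  when: ("aptproxy" in inventory_hostname)

# NOTE(review): this only drops the periodic-upgrade settings; the
# unattended-upgrades package is not installed by any task in this file.
# Confirm it is present on the targets, otherwise the settings have no effect.
- name: Copy apt-unattended-upgrades config file
  ansible.builtin.copy:
    src: apt-unattended-upgrades_10periodic
    dest: /etc/apt/apt.conf.d/10periodic
    owner: root
    group: root
    mode: "0644"

- name: Update and upgrade apt packages
  ansible.builtin.apt:
    update_cache: true
    upgrade: true
    autoremove: true

- name: Install core-packages
  ansible.builtin.apt:
    pkg:
      - sudo
      - gnupg
      - htop
      - ncdu
      - vim
      - tmux
      - gnupg2
      - nethogs
      - iftop
      - rsync
      - ripgrep

- name: Install core-packages for bare-metal-server
  ansible.builtin.apt:
    pkg:
      - inxi
  when: ("baremetal" in group_names)

# NOTE(review): fail2ban is only installed here; no jail configuration is
# deployed by this file, so the distribution defaults apply. Confirm they
# cover the services exposed in the DMZ.
- name: Install core-packages for server in DMZ
  ansible.builtin.apt:
    pkg:
      - fail2ban
  when: ("DMZ" in group_names)

# No password is set for this account in this file; login relies on the SSH
# key installed by the last task.
- name: Add ansible user to server
  ansible.builtin.user:
    name: ansible
    shell: /bin/bash

# This grants the "ansible" account root-equivalent access without a password,
# so the private key on the control node is effectively a root credential for
# every managed host. The drop-in is syntax-checked with visudo before it
# replaces the destination: a malformed file under /etc/sudoers.d can make
# sudo refuse to run for every user on the host.
- name: Allow "ansible"-user to have passwordless sudo
  ansible.builtin.copy:
    src: sudo_ansible
    dest: /etc/sudoers.d/ansible
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

# lookup('file', ...) is evaluated on the control node, so the key path refers
# to the installbox, not the managed host. Only the public half (.pub) is read.
- name: Add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
  ansible.posix.authorized_key:
    user: ansible
    state: present
    manage_dir: true
    key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"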