---
- name: "Configure base system parameters"
  hosts: all

  vars_files:
    - vars/ports.yml
    - vars/vars.yml

  vars:
    apt_packages:
      - acl
      - curl
      - fuse
      - git
      - htop
      - jq
      - make
      - python3-pip
      - sqlite3
      - tree

  tasks:
    - name: "Install additional apt packages"
      ansible.builtin.apt:
        name: "{{ apt_packages }}"
        update_cache: true

    - name: "Configure timezone"
      ansible.builtin.import_role:
        name: yatesr.timezone
      vars:
        timezone: UTC
      tags:
        - skip_ansible_lint

    - name: "Configure security settings"
      ansible.builtin.import_role:
        name: geerlingguy.security
      vars:
        security_ssh_permit_root_login: "yes"
        security_autoupdate_enabled: "no"
        security_fail2ban_enabled: "yes"

    - name: "Copy keep files script"
      ansible.builtin.copy:
        src: "files/keep-files.py"
        dest: "{{ bin_prefix }}/keep-files.py"
        owner: root
        group: root
        mode: "0755"