---
- name: Import OS-specific variables
  ansible.builtin.include_vars: "vars/{{ ansible_distribution }}.yml"
  tags: always

- name: Configure network time
  ansible.builtin.import_tasks: ntp.yml
  tags: ntp

- name: Install common packages
  ansible.builtin.include_tasks: packages_Debian.yml
  when: ansible_distribution == 'Debian'
  tags: packages

- name: Install common packages
  ansible.builtin.include_tasks: packages_Ubuntu.yml
  when: ansible_distribution == 'Ubuntu'
  tags: packages

- name: Configure firewall
  ansible.builtin.include_tasks: firewall_Debian.yml
  when: ansible_distribution == 'Debian'
  tags: firewall

- name: Configure firewall
  ansible.builtin.include_tasks: firewall_Ubuntu.yml
  when: ansible_distribution == 'Ubuntu'
  tags: firewall

- name: Configure secure shell daemon
  ansible.builtin.import_tasks: sshd.yml
  tags: sshd

# containers identify as virtualization hosts, which makes this tricky, because we have actual Debian VM hosts!
- name: Reconfigure /etc/sysctl.conf
  when: ansible_virtualization_role != 'host'
  ansible.builtin.template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
  notify:
    - reload sysctl
  tags: sysctl

- name: Set I/O scheduler
  ansible.builtin.template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
  tags: udev

- name: Copy admin SSH keys
  ansible.builtin.import_tasks: ssh-keys.yml
  tags: ssh-keys

# vim: set sw=2 ts=2: