- include_tasks: 'sudoers.yml'
  loop:
    - { src: 'sudoers.j2', dest: '/etc/sudoers.d/20-ansible-extra' }

- name: copy ssh template
  template:
    src: 'sshd_config.j2'
    dest: '/etc/ssh/sshd_config'
    owner: root
    group: root
    mode: '0644'
  notify: reload ssh

- name: viva la hollande
  locale_gen:
    name: nl_NL.UTF-8
    state: present

- name: ensure basic tooling is installed
  apt:
    name: '{{ common_packages }}'
    state: present

- name: copy firewall template
  template:
    src: 'nftables.j2'
    dest: '/etc/nftables.conf'
    owner: root
    group: root
    mode: '0600'
  notify: restart nftables

# see https://wiki.debian.org/systemd#Orphaned_processes
- name: enable loginctl user-linger
  command: 'loginctl enable-linger {{ default_user|quote }}'