- include_tasks: "sudoers.yml"
  loop:
    - { src: "sudoers.j2", dest: "/etc/sudoers.d/20-ansible-extra" }

- name: copy ssh template
  template:
    src: "sshd_config.j2"
    dest: "/etc/ssh/sshd_config"
    owner: root
    group: root
    mode: "0644"
  notify: reload ssh

- name: viva la hollande
  locale_gen:
    name: nl_NL.UTF-8
    state: present

- name: ensure basic tooling is installed
  apt:
    name:
      - acl
      - man
      - apt-transport-https
      - ca-certificates
      - software-properties-common
      - policykit-1
      - libpolkit-agent-1-0
      - nftables
      - openssh-client
      - bash-completion
      - git
      - vim
      - curl
      - tree
      - haveged
      - rsync
    state: present

- name: copy firewall template
  template:
    src: "nftables.j2"
    dest: "/etc/nftables.conf"
    owner: root
    group: root
    mode: "0600"
  notify: restart nftables

# see https://wiki.debian.org/systemd#Orphaned_processes
- name: enable loginctl user-linger
  command: "loginctl enable-linger {{ default_user|quote }}" # noqa 301