---
- include: repos.yml

- name: install system utilities
  apt:
    force_apt_get: true
    install_recommends: false
    name: "{{ sysconfig_packages }}"

- name: install ubicast-config
  apt:
    force_apt_get: true
    install_recommends: false
    name: ubicast-config

- name: enable unattended upgrades
  copy:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";

- name: enable root login via ssh with key
  replace:
    dest: /etc/ssh/sshd_config
    regexp: '^#PermitRootLogin (yes|without-password|prohibit-password)'
    replace: "PermitRootLogin without-password"
  notify: restart sshd

- name: remove disabled root login
  replace:
    dest: /root/.ssh/authorized_keys
    regexp: "^no-port-forwarding,(.+) ssh-"
    replace: "ssh-"
  ignore_errors: yes

# FIREWALL

- name: firewall
  when: sysconfig_firewall_enabled
  vars:
    ferm_rules_filename: "{{ sysconfig_ferm_rules_filename }}"
    ferm_input_rules: "{{ sysconfig_ferm_input_rules }}"
    ferm_output_rules: "{{ sysconfig_ferm_output_rules }}"
    ferm_global_settings: "{{ sysconfig_ferm_global_settings }}"
  include_role:
    name: ferm-configure

- include: logs.yml

- include: locale.yml

- include: ntp.yml

...