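---
# Baseline provisioning for the "personal" host group: installs common
# packages, drops editor/shell dotfiles, sets timezone and locales, adjusts
# sshd_config and opens the firewall for SSH and web traffic.
- hosts: personal
  # `user` is the legacy alias of `remote_user`; the play connects as root.
  remote_user: root

  tasks:
    # `timezone` and `custom_ssh_port` are not defined in this play;
    # presumably they come from this vars file (confirm).
    - name: Load shared variables
      include_vars: vars/all.yml

    # The package list is passed straight to apt so that everything is
    # resolved in a single transaction instead of one apt run per item.
    - name: Install essential and optional packages
      apt:
        name:
          - vim
          - byobu
          - screen
          - curl
          - unzip
          - ufw
          - htop
          - multitail
          - chrony
          - ca-certificates
          - unattended-upgrades
          - downtimed
        state: present
        update_cache: true

    # Ownership and mode are pinned so the result does not depend on the
    # umask of the connecting session or on whatever was there before.
    - name: Copy the templates over
      template:
        src: "{{ item.source }}"
        dest: "{{ item.destination }}"
        owner: root
        group: root
        mode: "0644"
      with_items:
        - source: templates/vimrc.j2
          destination: /etc/vim/vimrc
        - source: templates/vimrc.local.j2
          destination: /root/.vimrc
        - source: templates/selected_editor.j2
          destination: /root/.selected_editor
        - source: templates/bashrc.j2
          destination: /root/.bashrc
        - source: templates/bashrc.j2
          destination: /etc/skel/.bashrc

    - name: Set vim as the default editor
      alternatives:
        name: editor
        path: /usr/bin/vim.basic

    - name: Set timezone
      timezone:
        name: "{{ timezone }}"

    # Fix: the original hard-coded `name: en_US.UTF-8` while looping, so the
    # second locale in the list was never generated.
    - name: Generate locales
      locale_gen:
        name: "{{ item }}"
        state: present
      with_items:
        - en_US.UTF-8
        - el_CY.UTF-8

    # Each edit is checked with `sshd -t` before it replaces the live file,
    # so a malformed sshd_config cannot be installed and lock out remote
    # access on the next restart.
    #
    # NOTE(review): `PasswordAuthentication yes` leaves every non-root
    # account open to password guessing on a port the firewall task exposes
    # to any source; only root is restricted to keys here. Consider `no`
    # once keys are deployed for all users.
    # NOTE(review): sshd is pinned to port 22 while the firewall task also
    # opens `custom_ssh_port`; confirm which port sshd is meant to listen on.
    # The Port regexp only matches a line that already reads "Port 22", so a
    # host with a different Port line would get a second Port line appended.
    - name: Customize SSH
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        validate: /usr/sbin/sshd -t -f %s
      with_items:
        - regexp: '^#?Port 22'
          line: 'Port 22'
        - regexp: '^#?PermitRootLogin'
          line: 'PermitRootLogin prohibit-password'
        - regexp: '^#?PasswordAuthentication'
          line: 'PasswordAuthentication yes'
      notify:
        - Restart SSH

    # Allow rules are added here; the firewall itself is only switched on by
    # the handler, which runs after the tasks, so the SSH rule exists before
    # filtering starts. Ports are quoted so they stay strings.
    - name: Configure UFW
      ufw:
        rule: allow
        proto: tcp
        direction: in
        to_port: "{{ item }}"
        dest: any
        src: any
      with_items:
        - "22"
        - "80"
        - "443"
        - "{{ custom_ssh_port }}"
      notify:
        - Enable UFW

  handlers:
    - name: Restart SSH
      service:
        name: ssh
        state: restarted

    # Runs only when the "Configure UFW" task reports a change.
    - name: Enable UFW
      ufw:
        state: enabled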