---
- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: adm

- name: Configure instance
  hosts: adm
  user: root
  gather_facts: true

  vars_files:
    - "{{ ansible_private }}/vars.yml"

  pre_tasks:
    - name: Mount /export
      ansible.posix.mount:
        name: /export
        src: LABEL=/export
        fstype: xfs
        opts: noatime,noexec,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted

  roles:
    - base
    - ansible_host
    - certbot
    - role: keytab
      principals:
        - "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
    - nfs_client
    - sssd
    - mkhomedir
    - rpm_build
    - web_build

  tasks:
    - name: Install packages
      ansible.builtin.package:
        name: "{{ item }}"
        state: installed
      with_items:
        - httpd-tools         # htpasswd
        - knot-utils          # kdig (dns over tls)
        - libvirt-client      # kvm host client
        - make                # generic building
        - mariadb             # mariadb client tools
        - nsd                 # check dns zone files
        - podman              # building containers
        - pylint              # python linting
        - python3-flake8      # python linting
        - virt-install        # install kvm guests
        - wget                # still in backbone for downloads
        - whois               # read whois data
        - yamllint            # yaml linting
    - name: Disable IP host key checking from SSH
      ansible.builtin.copy:
        content: |
          Host *.home.foo.sh
            CheckHostIP no
          Host shell??.foo.sh
            CheckHostIP no
        dest: /root/.ssh/config
        mode: "0600"
        owner: root
        group: "{{ ansible_wheel }}"