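---
# Provisions the "nms" guest and then configures it: hardened /export mount,
# base roles, UDP syslog listener, mail relay, unbound DNS zones, NTP access
# for the oob subnet, and a set of network diagnostic packages.

# The imported playbook is not shown here; `myhosts` presumably selects which
# guest(s) it creates. Verify against include/deploy-kvm-guest.yml.
- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: nms

- name: Configure instance
  hosts: nms
  # `remote_user` is the documented play keyword; `user` is only a legacy
  # alias for it.
  # NOTE(review): this logs in as root directly. Confirm that is intended
  # rather than an unprivileged account plus `become`.
  remote_user: root
  gather_facts: true

  pre_tasks:
    # Runs before any role so /export exists when the roles execute.
    # noexec/nosuid/nodev keep binaries, setuid bits and device nodes on this
    # filesystem from being honoured; dump/passno "0" disable dump and fsck.
    - name: Mount /export
      ansible.posix.mount:
        path: /export
        src: LABEL=/export
        fstype: xfs
        opts: noatime,noexec,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted

  # Site-private variables; `ansible_private` must be defined by inventory or
  # the command line. Keep this file out of public version control.
  vars_files:
    - "{{ ansible_private }}/vars.yml"

  roles:
    - base
    - nginx/server
    - role: nginx_site
      site: oob.foo.sh
    - sssd
    - mkhomedir
    - tftp

  tasks:
    # NOTE(review): the role's udp-listen tasks are not shown. Syslog over UDP
    # has no sender authentication, so confirm the listener is only reachable
    # from the oob network.
    - name: Enable UDP rsyslog server
      ansible.builtin.import_role:
        name: rsyslog
        tasks_from: udp-listen

    # relay_domains presumably limits which recipient domains are relayed.
    # Confirm in the postfix role that nothing wider is accepted.
    - name: Enable postfix mail relay
      ansible.builtin.import_role:
        name: postfix
        tasks_from: relay
      vars:
        relay_domains: [foo.sh]

    # `src` is read on the control node (no remote_src), so /srv/dns must
    # exist there. The "Restart unbound" handler is not defined in this play;
    # presumably it comes from the unbound role imported below.
    - name: Copy DNS zone files
      ansible.builtin.copy:
        dest: "/var/lib/unbound/{{ item }}"
        src: "/srv/dns/{{ item }}"
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      tags: dns
      notify: Restart unbound
      loop:
        - 25.20.172.in-addr.arpa
        - oob.foo.sh

    - name: Import unbound role
      ansible.builtin.import_role:
        name: unbound

    # convert this to role for restart support
    # No handler is notified here, so a running chronyd keeps its old
    # configuration until it is restarted by other means.
    # lineinfile rewrites only the last line matching `regexp` (commented or
    # not); any other existing `allow` lines are left untouched.
    - name: Enable NTP server for oob network
      ansible.builtin.lineinfile:
        path: /etc/chrony.conf
        regexp: "^#?allow .*"
        line: "allow 172.20.25.0/24"

    # Packages are passed as one list so the package manager resolves them in
    # a single transaction instead of one run per item. `present` is the
    # canonical state; `installed` is an alias only some backends accept.
    # The set includes network scanners (nmap, scanssh, sslscan).
    - name: Install extra packages
      ansible.builtin.package:
        name:
          - net-snmp-utils
          - nmap
          - rcs
          - scanssh
          - sslscan
          - unzip
          - wget
        state: present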