---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=adm"

- name: configure instance
  hosts: adm
  user: root
  gather_facts: true

  vars_files:
    - "{{ ansible_private }}/vars.yml"

  pre_tasks:
    - name: mount /export
      mount:
        name: /export
        src: LABEL=/export
        fstype: xfs
        opts: noatime,noexec,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted

  roles:
    - base
    - ansible-host
    - certbot
    - role: keytab
      principals:
        - "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
    - nfs-client
    - sssd
    - mkhomedir
    - rpm-build
    - web-build

  tasks:
    - name: install packages
      package:
        name: "{{ item }}"
        state: installed
      with_items:
        - httpd-tools         # htpasswd
        - knot-utils          # kdig (dns over tls)
        - libvirt-client      # kvm host client
        - make                # generic building
        - mariadb             # mariadb client tools
        - nsd                 # check dns zone files
        - podman              # building containers
        - pylint              # python linting
        - python3-flake8      # python linting
        - sslscan             # for testing ssl settings
        - virt-install        # install kvm guests
        - wget                # still in backbone for downloads
        - whois               # read whois data
        - yamllint            # yaml linting
    - name: disable ip host key checking from ssh
      copy:
        content: |
          Host *.home.foo.sh
            CheckHostIP no
          Host shell??.foo.sh
            CheckHostIP no
        dest: /root/.ssh/config
        mode: 0600
        owner: root
        group: "{{ ansible_wheel }}"