---
- name: Setup ansible custom facts
  ansible.builtin.file:
    dest: "{{ item }}"
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    state: directory
  with_items:
    - /etc/ansible
    - /etc/ansible/facts.d

- name: Add ansible_export fact
  ansible.builtin.copy:
    dest: /etc/ansible/facts.d/export.fact
    content: |
      #!/bin/sh
      if [ -d /export ]; then
          echo "true"
      else
          echo "false"
      fi
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Reload facts
  ansible.builtin.setup:
    filter: ansible_local

- name: Include os specific tasks
  ansible.builtin.include_tasks:
    file: "{{ ansible_os_family }}.yml"

- name: Disable at from all users
  ansible.builtin.copy:
    content: "\n"
    dest: "/etc/at.allow"
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Install basic roles
  ansible.builtin.include_role:
    name: "{{ role }}"
  with_items:
    - network
    - pki
    - psacct
    - sshd
    - sshd_cert
    - node_exporter
  loop_control:
    loop_var: role

- name: Install roles for physical hardware
  ansible.builtin.include_role:
    name: "{{ role }}"
  with_items:
    - lm_sensors
    - smartd
  loop_control:
    loop_var: role
  when:
    - ansible_virtualization_role == "host"
    - ansible_virtualization_type != "vmm"