---
- name: Run the equivalent of "apt-get update" as a separate step
  ansible.builtin.apt:
    update_cache: yes

- name: Upgrade the OS (apt-get dist-upgrade)
  ansible.builtin.apt:
    upgrade: full

- name: Install QMEU Guest Agent
  ansible.builtin.apt:
    name: qemu-guest-agent
    update_cache: yes
    state: present

- name: Install NFS-Common
  ansible.builtin.apt:
    name: nfs-common
    update_cache: yes
    state: present

- name: Install open-iscsi
  ansible.builtin.apt:
    name: open-iscsi
    update_cache: yes
    state: present

- name: Install util-linux
  ansible.builtin.apt:
    name: util-linux
    update_cache: yes
    state: present

- name: Set same timezone on every Server
  community.general.system.timezone:
    name: "{{ system_timezone }}"
  when: (system_timezone is defined) and (system_timezone != "Your/Timezone")

- name: Set SELinux to disabled state
  ansible.posix.selinux:
    state: disabled
  when: ansible_os_family == "RedHat"

- name: Enable IPv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    reload: yes

- name: Enable IPv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "1"
    state: present
    reload: yes

- name: Enable IPv6 router advertisements
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.accept_ra
    value: "2"
    state: present
    reload: yes

- name: Add br_netfilter to /etc/modules-load.d/
  copy:
    content: "br_netfilter"
    dest: /etc/modules-load.d/br_netfilter.conf
    mode: "u=rw,g=,o="

- name: Load br_netfilter
  community.general.system.modprobe:
    name: br_netfilter
    state: present

- name: Add overlay to /etc/modules-load.d/
  copy:
    content: "overlay"
    dest: /etc/modules-load.d/overlay.conf
    mode: "u=rw,g=,o="

- name: Load overlay
  community.general.system.modprobe:
    name: overlay
    state: present

- name: Set bridge-nf-call-iptables (just to be sure)
  ansible.posix.sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
    reload: yes
  when: ansible_os_family == "RedHat"
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables

- name: Add /usr/local/bin to sudo secure_path
  lineinfile:
    line: "Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin"
    regexp: "Defaults(\\s)*secure_path(\\s)*="
    state: present
    insertafter: EOF
    path: /etc/sudoers
    validate: "visudo -cf %s"
  when: ansible_os_family == "RedHat"

- name: Copy /etc/rc.local file
  template:
    src: "rclocal.j2"
    dest: "/etc/rc.local"
    owner: root
    group: root
    mode: a+x

- name: Reboot
  ansible.builtin.reboot: