---
- name: Converge
  hosts: all
  become: true
  vars:
    # Core settings
    timezone: Europe/Rome
    explicitly_set_hostname: true

    # SSHD settings
    sshd_install_config: true
    sshd_permit_root_login: without-password
    sshd_password_authentication: "no"

    # Fail2ban settings - disabled for testing (requires systemd)
    fail2ban_enabled: false

    # MOTD settings
    motd_setup: true
    motd_additional_text: "\nTest host managed by Ansible\n"

    # Cloud-init settings
    cloud_init_disable_netconfig: false
    cloud_init_remove_pkg: false

    # Skip dependencies for testing
    centos_install_epel: true

    # Disable services that may not work in containers
    disable_some_not_needed_services: false
    disable_apport_service: false

    # Package cleanup
    cleanup_base_packages: false
    cleanup_exim_email_server: false
    ubuntu_remove_lxd: false

  pre_tasks:
    - name: Update apt cache on Debian
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == 'Debian'

    - name: Install EPEL on EL
      ansible.builtin.dnf:
        name: epel-release
        state: present
      when: ansible_os_family == 'RedHat'

  roles:
    - role: basic-system-setup