---

- name: Disable IPv6
  ansible.posix.sysctl:
    name: "{{ item }}"
    value: 1
    state: present
    reload: true
  with_items:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6

- name: Allow reading kernel messages for non-root users
  ansible.posix.sysctl:
    name: "{{ item }}"
    value: 0
    state: present
    reload: true
  with_items:
    - kernel.dmesg_restrict

- name: Disable ufw (firewall)
  ansible.builtin.apt:
    name: ufw
    state: absent

- name: Disable apparmor
  ansible.builtin.systemd:
    name: apparmor
    enabled: false

- name: Create /data folder
  ansible.builtin.file:
    path: /data
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: Wait 5 minutes for fstrim to finish
  ansible.builtin.pause:
    minutes: 5
  when: not debugging

- name: Unmount mnt
  ansible.posix.mount:
    path: /mnt
    state: unmounted

- name: Disable mount point mnt
  ansible.posix.mount:
    path: /mnt
    state: absent

- name: Create fstab entry for vdb
  ansible.posix.mount:
    path: /data
    src: /dev/vdb
    fstype: ext4
    opts: defaults
    state: present
  when: not debugging

- name: Mount /data
  ansible.posix.mount:
    path: /data
    src: /dev/vdb
    fstype: ext4
    opts: defaults
    state: mounted
  when: not debugging

- name: Update cache to find necessary utilities
  ansible.builtin.apt:
    update_cache: true

- name: Install necessary utilities
  ansible.builtin.apt:
    pkg:
      - ca-certificates
      - cron
      - curl
      - unzip
      - zip
    state: present