
---
# tasks file for config
#
#
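# Read VARIANT_ID from /etc/os-release and register the result as `variant`;
# later tasks in this file compare variant.stdout against "iot".
# No pipefail is set, so when the key is absent grep's non-zero exit is masked
# by sed and stdout is simply empty.
# NOTE(review): a quoted value (VARIANT_ID="iot") would not equal "iot" in the
# later comparisons - confirm the target images write it unquoted.
- name: Determine OS variant
  ansible.builtin.shell: grep VARIANT_ID /etc/os-release | sed 's/VARIANT_ID=//g'
  register: variant
  # Read-only probe: never report a change, and still run under --check so
  # that variant.stdout exists for the `when` conditions that use it.
  changed_when: false
  check_mode: false
  tags: config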
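# Ensure /etc/sysusers.d exists as a directory (created if missing).
- name: Create /etc/sysusers.d directory
  ansible.builtin.file:
    path: /etc/sysusers.d
    state: directory
    # Pin ownership and mode explicitly instead of inheriting them from the
    # umask of the privileged session.
    owner: root
    group: root
    mode: "0755"
  become: true
  become_method: sudo
  tags: config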
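# Copy parsec.conf (relative src) to /etc/sysusers.d/parsec.conf with the
# SELinux type etc_t. Runs only when the detected variant is "iot".
- name: Fix parsec bug in Fedora-39
  ansible.builtin.copy:
    src: parsec.conf
    dest: /etc/sysusers.d/parsec.conf
    # Explicit ownership and mode: a system configuration drop-in should be
    # root-owned and not writable by anyone else, whatever the umask is.
    owner: root
    group: root
    mode: "0644"
    setype: etc_t
  become: true
  become_method: sudo
  when: variant.stdout == "iot"
  tags: config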
# Start cockpit.socket now and enable it for subsequent boots.
# NOTE(review): this makes the Cockpit web administration console available
# on the host - confirm it is only reachable from trusted networks.
- name: Enable Cockpit Service
  ansible.builtin.systemd_service:
    name: cockpit.socket
    enabled: true
    state: started
  become: true
  become_method: sudo
  tags: config
# Allow the firewalld "cockpit" service, only when the variant is "iot".
# No zone is given, so the module acts on firewalld's default zone.
# Only the permanent configuration is written (`immediate` is not set), so
# the running firewall changes on the next firewalld reload or reboot.
- name: Enable Cockpit in firewalld
  ansible.posix.firewalld:
    service: cockpit
    state: enabled
    permanent: true
  become: true
  become_method: sudo
  when: variant.stdout == "iot"
  tags: config
# Start avahi-daemon now and enable it for subsequent boots.
- name: Enable Avahi Service
  ansible.builtin.systemd_service:
    name: avahi-daemon
    enabled: true
    state: started
  become: true
  become_method: sudo
  tags: config
# Allow the firewalld "mdns" service, only when the variant is "iot".
# No zone is given, so the module acts on firewalld's default zone; the rule
# is written to the permanent configuration only (`immediate` is not set).
- name: Enable mdns in Firewall
  ansible.posix.firewalld:
    service: mdns
    state: enabled
    permanent: true
  become: true
  become_method: sudo
  when: variant.stdout == "iot"
  tags: config
# Rewrite the `hosts:` line of /etc/nsswitch.conf so that mdns4_minimal is
# consulted after `files` and before `dns`; the line is appended if no
# `hosts:` line matches. Notifies the restart_avahi handler on change.
# NOTE(review): mDNS answers are not authenticated, so names resolved this
# way can be answered by any host on the local link - confirm that is
# acceptable for the networks these machines join.
# NOTE(review): if another tool manages nsswitch.conf on the target, this
# in-place edit may be overwritten - confirm.
- name: Modify nsswitch file for mdns lookups
  ansible.builtin.lineinfile:
    path: /etc/nsswitch.conf
    regexp: '^hosts:'
    line: 'hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname'
  become: true
  become_method: sudo
  notify: restart_avahi
  tags: config
# Set the system hostname to the value of the `hostname` variable and notify
# the restart_avahi handler when it changes.
- name: Set hostname to {{ hostname }}
  ansible.builtin.hostname:
    name: "{{ hostname }}"
  become: true
  become_method: sudo
  notify: restart_avahi
  tags: config
# Start and enable zerotier-one, but only when zerotier_network is defined
# and non-empty. Hosts without a configured network are left untouched.
- name: Enable Zerotier
  ansible.builtin.systemd_service:
    name: zerotier-one
    enabled: true
    state: started
  become: true
  become_method: sudo
  when: (zerotier_network is defined) and (zerotier_network | length > 0)
  tags: config
# Stop, disable and mask rpm-ostree-countme.timer so the unit cannot be
# started again until it is unmasked.
- name: Mask Fedora countme timer
  ansible.builtin.systemd_service:
    name: rpm-ostree-countme.timer
    masked: true
    enabled: false
    state: stopped
  become: true
  become_method: sudo
  tags: config
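# Enable systemd lingering for ansible_user. The task is skipped once the
# marker file /var/lib/systemd/linger/<user> exists (`creates`).
- name: Set {{ ansible_user }} user to linger
  # command + argv instead of shell: the user name is passed as a single
  # argument and is never interpreted by a shell, and no shell features were
  # used by the original command line.
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - "{{ ansible_user }}"
    creates: /var/lib/systemd/linger/{{ ansible_user }}
  become: true
  become_method: sudo
  tags: config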
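# Write a Zincati drop-in that sets [identity] rollout_wariness from the
# update_wariness variable.
# NOTE(review): the value is interpolated into TOML unquoted and unvalidated;
# presumably it is a number supplied by trusted inventory - confirm.
# NOTE(review): no handler is notified, so a running Zincati presumably keeps
# its old setting until it is restarted - confirm.
- name: Set update zincati wariness to {{update_wariness}}
  ansible.builtin.copy:
    dest: /etc/zincati/config.d/10-update-wariness.toml
    # Explicit ownership and mode: the update agent's configuration should be
    # root-owned and not writable by anyone else, whatever the umask is.
    owner: root
    group: root
    mode: "0644"
    content: |
      [identity]
      rollout_wariness = {{update_wariness}}
  become: true
  become_method: sudo
  tags: config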
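# Write a Zincati drop-in selecting the "periodic" update strategy with one
# window built from the update_schedule_* variables.
# NOTE(review): the variables are interpolated into TOML without escaping;
# `days` and `length_minutes` are emitted unquoted, so they must already
# render as valid TOML (presumably a list and an integer) - confirm against
# the role defaults.
# NOTE(review): no handler is notified, so a running Zincati presumably keeps
# its old schedule until it is restarted - confirm.
- name: Set update schedule for zincati
  ansible.builtin.copy:
    dest: /etc/zincati/config.d/20-update-schedule.toml
    # Explicit ownership and mode: the file decides when the host updates
    # itself, so it should be root-owned and not writable by anyone else.
    owner: root
    group: root
    mode: "0644"
    content: |
      [updates]
      strategy = "periodic"
      [updates.periodic]
      time_zone="{{ update_schedule_timezone }}"
      [[updates.periodic.window]]
      days = {{ update_schedule_days }}
      start_time = "{{ update_schedule_starttime }}"
      length_minutes = {{ update_schedule_length }}
  become: true
  become_method: sudo
  tags: config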