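---
# Golden-image provisioning play: installs root's SSH public key and the sshd
# config, updates packages, installs WireGuard tools and the QEMU guest agent,
# and places the gVisor runtime binaries and the Docker daemon config.
- name: Configure golden image
  hosts: myhosts
  tasks:
    # Grants key-based root login using the public key stored next to the
    # playbook. Whether password or other root logins are restricted depends
    # on ../config/sshd_config, which is not visible from this file.
    - name: Set authorized key taken from file
      ansible.posix.authorized_key:
        user: root
        key: "{{ lookup('file', '../config/id_ed25519.pub') }}"

    - name: Copy over SSHD config file
      ansible.builtin.copy:
        src: ../config/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        # Syntax-check the candidate file before it replaces the live config,
        # so a broken sshd_config never gets baked into the image. The path
        # assumes the usual sshd location on dnf-based distributions.
        validate: /usr/sbin/sshd -t -f %s

    # Despite the task name, "reloaded" asks systemd to reload the unit
    # rather than restart it.
    - name: Restart SSHD
      ansible.builtin.systemd_service:
        name: sshd
        state: reloaded

    - name: Upgrade all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest

    - name: Install wireguard-tools and qemu-guest-agent
      ansible.builtin.dnf:
        name:
          - wireguard-tools
          - qemu-guest-agent
        state: latest

    - name: Enable QEMU guest agent service
      ansible.builtin.systemd_service:
        name: qemu-guest-agent
        enabled: true
        state: started

    # NOTE(review): the "latest" channel is a moving target, so two image
    # builds can ship different runsc binaries. The checksum below is fetched
    # from the same origin as the binary: it catches truncated or mismatched
    # downloads, not a tampered origin. For reproducible images, pin a dated
    # release and keep the expected digest in this repository, e.g.
    # checksum: "sha512:EXPECTED_SHA512_PLACEHOLDER".
    - name: Download gvisor
      ansible.builtin.get_url:
        url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
        dest: /usr/local/bin/runsc
        checksum: "sha512:https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512"
        force: true
        # Explicit owner and mode so the installed binary does not inherit
        # permissions from the umask or from a pre-existing file.
        owner: root
        group: root
        mode: "0755"

    # Same download and verification approach as the runsc task above.
    - name: Download gvisor containerd-shim
      ansible.builtin.get_url:
        url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1
        dest: /usr/local/bin/containerd-shim-runsc-v1
        checksum: "sha512:https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1.sha512"
        force: true
        owner: root
        group: root
        mode: "0755"

    # NOTE(review): nothing in this play installs Docker or creates
    # /etc/docker; presumably the base image already provides it. Confirm,
    # because copy fails when the parent directory of dest is missing.
    - name: Copy over docker daemon.json config file
      ansible.builtin.copy:
        src: ../config/daemon.json
        dest: /etc/docker/daemon.json
        owner: root
        group: root
        mode: "0644"
        force: true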