- name: Configure SSH and gvisor
  hosts: proxmox_vms
  tasks:
   - name: Copy over SSHD config file
     ansible.builtin.copy:
       src: ./files/sshd_config
       dest: /etc/ssh/sshd_config
       owner: root
       group: root
       mode: '0600'

   - name: Restart SSHD
     ansible.builtin.systemd_service:
       name: sshd
       state: reloaded
   
   - name: Download gvisor
     ansible.builtin.get_url:
       url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
       dest: /usr/local/bin/runsc
       force: yes
       mode: a+x

   - name: Copy over dnf5-automatic config
     ansible.builtin.copy:
      src: ./files/automatic.conf
      dest: /etc/dnf/automatic.conf
      owner: root
      group: root
      mode: '0644'

   - name: Add dnf5-automatic overrides dir
     ansible.builtin.file:
      path: /etc/systemd/system/dnf5-automatic.service.d
      state: directory
      mode: '0644'

   - name: Add override.conf
     ansible.builtin.copy:
      src: ./files/override.conf
      dest: /etc/systemd/system/dnf5-automatic.service.d/override.conf
      owner: root
      group: root
      mode: '0644'

   - name: Add gvisor update service
     ansible.builtin.copy:
      src: ./files/gvisor-update.service
      dest: /etc/systemd/system/gvisor-update.service
      owner: root
      group: root
      mode: '0644'

   - name: Enable dnf5 auto updates
     ansible.builtin.systemd_service:
      name: dnf5-automatic.timer
      state: started
      enabled: true

   - name: Enable podman auto updates
     ansible.builtin.systemd_service:
      name: podman-auto-update.timer
      state: started
      enabled: true

   - name: Add /srv dir
     ansible.builtin.file:
      path: /srv
      state: directory
      mode: '0755'

   - name: Add /secrets dir
     ansible.builtin.file:
       path: /secrets
       state: directory
       mode: '0755'