- name: "Check that host runs Debian buster/sid on armv7l or x86_64"
  assert:
    that:
      - "ansible_architecture == 'aarch64' or ansible_architecture == 'armv7l' or ansible_architecture == 'x86_64'"
      - "ansible_os_family == 'Debian'"

- name: "Upgrade system"
  apt:
    upgrade: dist # Should we do a full uprade instead of a dist one?
    update_cache: yes
    cache_valid_time: 3600
    autoclean: yes
    autoremove: yes

- name: "Install base tools"
  apt:
    name:
      # Essentials
      - curl
      - less
      - sudo
      - tar
      - unzip
      # User tooling
      - screen
      - vim
      # Monitoring
      - bmon
      - htop
      - iftop
      - iputils-ping
      - iotop
      - strace
      - tcpdump
      # Networking
      - iproute2 # advanced net-tools
      - iptables # legacy firewall (still used by diplonat)
      - iptables-persistent
      - net-tools # basic network tools
      - nftables # iptables' successor (will replace it eventually)
      - dnsutils # now called bind9-dnsutils
      # Optional / Dispensable
      #- docker.io # Adrien n'approuve pas (il faut utiliser le repo Docker)
      - parted 
      #- btrfs-tools
      #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
    state: present

- name: "Passwordless sudo"
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'