- hosts: kea
  remote_user: root
  become: no
  roles:
    - role: sane_debian_system
      tags: [sane]
    - comfortable-debian-system
    - gnome-system
    - smarthost-client
    - intel-wifi
    - self-updating-system
    - ssd
    - unix_users
  tasks:
    - lineinfile:
        path: /etc/gdm3/daemon.conf
        regex: WaylandEnable
        line: WaylandEnable=false
    - apt:
        name:
          - flatpak
          - gnome-software-plugin-flatpak
          - cups
          - nfs-common
          - ufw
    - apt:
        deb: https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
    - shell:
         flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
    - ufw:
        state: enabled
        policy: deny
    - ufw:
        port: ssh
        rule: allow
  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: kea
    sane_debian_system_codename: bullseye
    sane_debian_system_timezone: Europe/Helsinki
    sane_debian_system_sources_lists:
      - repo: |
          deb http://deb.debian.org/debian bullseye contrib non-free

      - repo: |
          deb-src http://deb.debian.org/debian bullseye main contrib non-free

      - repo: |
          deb http://security.debian.org/debian-security bullseye-security main contrib non-free

    unix_users_version: 2
    unix_users:
      - username: soile
        comment: Soile Mottisenkangas
        groups:
          - audio
          - bluetooth
          - cdrom
          - dialout
          - dip
          - floppy
          - netdev
          - plugdev
          - scanner
          - video
        authorized_keys: |
          {{ liw_personal_ssh_pub }}

    mailname: kea.liw.fi
    hostname: "{{ sane_debian_system_hostname }}"
    relayhost: pieni.net:587
    smarthost: pieni.net
    smarthost_user: pienirelay
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"