---
- name: Setup the system
  hosts: all
  gather_facts: true
  vars:
    # Determine the fstype of root filesystem
    # PERF: a shorter version but requires `py3-jmespath`: '{{ ansible_mounts | json_query("[?mount == `/`].fstype") | first }}'
    rootfs: '{{ ansible_mounts | selectattr("mount", "equalto", "/") | map(attribute="fstype") | first }}'
    # elogind needs polkit to function
    use_polkit: '{{ (seat_manager == "elogind") | ternary("True", polkit) }}'
  pre_tasks:
    - name: Sanity checks
      tags: always
      block:
        - name: Check user ID
          fail:
            msg: This playbook should be run as 'root'
          when: ansible_real_user_id != 0
        - name: Import list of accepted values for custom variables
          include_vars:
            name: accepted_values
            file: ./requirements/accepted_variables.yml
        - name: Check defined values of top-level variables
          fail:
            msg: 'Variable `{{ item }}` needs to be 1 of {{ accepted_values[item] }}'
          when: not vars[item] in accepted_values[item]
          loop: '{{ accepted_values | flatten }}'
  roles:
    - role: essential
      tags: essential
    - role: devd
      tags: devd
    - role: acpi
      tags: acpi
    - role: seat
      tags: seat
    - role: fstab
      tags: fstab
    - role: nftables
      tags: nftables
    - role: apparmor
      tags: apparmor
    - role: auditd
      tags: auditd
    - role: ntpd
      tags: ntpd
    - role: cron
      tags: cron
    - role: networking
      tags: networking
    - role: libvirt
      tags: libvirt
    - role: tlp
      tags: [laptop, tlp]
    - role: dns
      tags: dns
    - role: usbguard
      tags: usbguard
    - role: zram
      tags: zram
    - role: snapshot
      tags: snapshot
      when: snapshot_tool != 'none'
    - role: earlyoom
      tags: earlyoom
    - role: user
      tags: user