ansible/configure_base.yml

---
- name: Include global vars
  hosts:
    - "{{ target_host_group | default('all') }}"
  # Delegate fact gathering to individual playbooks
  gather_facts: yes
  vars_files:
    - vars/main.yml
  tasks:
    - name: Set local ansible facts dir
      set_fact:
        ansible_local_facts_dir: "{{ ansible_local_facts_dir }}"

# Host configuration pre-tasks
- name: Host configuration pre-tasks
  import_playbook: playbooks/kwuxlab_ansible_common_pre_tasks/main.yml
  when: (ansible_local is not defined) or
    ("kwuxlab_ansible_common_pre_tasks_completion_mark" not in ansible_local) or
    (kwuxlab_ansible_common_pre_tasks_pb_version != ansible_local.kwuxlab_ansible_common_pre_tasks_completion_mark.version)

- name: Include version vars
  hosts:
    - "{{ target_host_group | default('all') }}"
  gather_facts: yes
  vars_files:
    # Host recognition
    - playbooks/kwuxlab_ansible_common_pre_tasks/version.yml

    # Base OS config
    - playbooks/kwuxlab_ansible_common_base/version.yml
    - playbooks/kwuxlab_ansible_common_ufw/version.yml
    - playbooks/kwuxlab_ansible_common_ssh_rules/version.yml

  tasks:
    - name: Set current playbook versions
      set_fact:
        # Host recognition
        kwuxlab_ansible_common_pre_tasks_pb_version: "{{ kwuxlab_ansible_common_pre_tasks_pb_version }}"

        # Base OS config
        kwuxlab_ansible_common_base_pb_version: "{{ kwuxlab_ansible_common_base_pb_version }}"
        kwuxlab_ansible_common_base_ufw_pb_version: "{{ kwuxlab_ansible_common_base_ufw_pb_version }}"
        kwuxlab_ansible_common_base_ssh_rules_pb_version: "{{ kwuxlab_ansible_common_base_ssh_rules_pb_version }}"

- name: Gather facts for all kwuxlab hosts
  hosts:
    - "{{ target_host_group | default('all') }}"
  gather_facts: no
  tasks:
    - name: Setup
      ansible.builtin.setup:
      tags:
        - always

# COMMON/SUDO/GIT
- name: Common base install
  import_playbook: playbooks/kwuxlab_ansible_common_base/main.yml
  when: ("kwuxlab_ansible_common_base_completion_mark" not in ansible_local) or
        (kwuxlab_ansible_common_base_pb_version != ansible_local.kwuxlab_ansible_common_base_completion_mark.version)

# UFW
- name: Firewall install & rules configuration
  import_playbook: playbooks/kwuxlab_ansible_common_ufw/main.yml
  when: ("kwuxlab_ansible_common_base_ufw_completion_mark" not in ansible_local) or
        (kwuxlab_ansible_common_base_ufw_pb_version != ansible_local.kwuxlab_ansible_common_base_ufw_completion_mark.version)

# SSH
- name: SSH connection & configuration hardening
  import_playbook: playbooks/kwuxlab_ansible_common_ssh_rules/main.yml
  when: ("kwuxlab_ansible_common_base_ssh_rules_completion_mark" not in ansible_local) or
        (kwuxlab_ansible_common_base_ssh_rules_pb_version != ansible_local.kwuxlab_ansible_common_base_ssh_rules_completion_mark.version)