olimp/roles/base_setup/tasks/main.yml

---
- name: Update and upgrade apt packages
  apt:
    upgrade: yes
    update_cache: yes
    cache_valid_time: 3600

- name: Install base packages
  apt:
    name: "{{ base_packages }}"
    state: present
    update_cache: yes

- name: Configure timezone
  timezone:
    name: "{{ timezone }}"

- name: Configure locale
  locale_gen:
    name: "{{ system_locale }}"
    state: present

- name: Set default locale
  lineinfile:
    path: /etc/default/locale
    line: "LANG={{ system_locale }}"
    state: present
    create: yes

- name: Ensure required directories exist
  file:
    path: "{{ item }}"
    state: directory
    mode: 0755
  loop:
    - /opt/scripts
    - /etc/apt/keyrings

- name: Install Python requests library
  apt:
    name: python3-requests
    state: present
  when: ansible_connection != "local"

- name: Ensure SSH directory exists
  file:
    path: /root/.ssh
    state: directory
    mode: '0700'

- name: Add authorized key for root
  authorized_key:
    user: root
    state: present
    key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYMfX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"

- name: Configure SSH security
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  loop:
    - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
    - { regexp: '^PermitRootLogin', line: 'PermitRootLogin prohibit-password' }
    - { regexp: '^PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
  notify: restart ssh