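---
# Baseline host setup tasks: full apt upgrade, base package install, timezone,
# hostname, UFW firewall policy for SSH, and time synchronisation.
#
# Variables read by this file (defined elsewhere):
#   sk_ubuntu_software - package name(s) passed to apt
#   sk_host, sk_domain - joined as "<host>.<domain>" for the hostname
#   sk_wan_network     - source allowed to reach the SSH port
#   sk_lan_network     - source that is rate-limited and logged on the SSH port
#   sk_ssh_port        - port the SSH rules apply to

# Upgrades every installed package ("*" + latest) after refreshing the cache.
# NOTE(review): this runs unpinned on every play; confirm that unattended
# upgrades are acceptable under your change-control process.
- name: Update & Ubuntu & Debian
  ansible.builtin.apt:
    name: "*"
    state: latest
    update_cache: true
  when: ansible_os_family == "Debian"

- name: Install basic software
  ansible.builtin.apt:
    name: "{{ sk_ubuntu_software }}"
    state: latest
    update_cache: true
  when: ansible_os_family == "Debian"

- name: Set timezone to Warsaw
  community.general.timezone:
    name: Europe/Warsaw

- name: Hostname Configuration
  ansible.builtin.hostname:
    name: "{{ sk_host }}.{{ sk_domain }}"
    use: systemd

# UFW configuration
#
# The firewall is disabled and reset first, rules are added while it is
# inactive, and it is only enabled at the end. Because of the reset, any rule
# not declared below is dropped and these tasks report "changed" on every run.
# NOTE(review): the host has no UFW filtering between the reset and the final
# enable, and the controller's own address must fall inside sk_wan_network or
# sk_lan_network or the management SSH session will be cut when UFW comes up.
- name: Disable UFW
  community.general.ufw:
    state: disabled
  when: ansible_os_family == "Debian"

- name: Reset UFW to default
  community.general.ufw:
    state: reset
  when: ansible_os_family == "Debian"

- name: Set default policy for incoming traffic to 'deny'
  community.general.ufw:
    direction: incoming
    policy: deny
  when: ansible_os_family == "Debian"

- name: Set default policy for outgoing traffic to 'allow'
  community.general.ufw:
    direction: outgoing
    policy: allow
  when: ansible_os_family == "Debian"

# src must be quoted: a value that starts with "{{" is otherwise read by the
# YAML parser as a flow mapping and the file fails to load.
# proto is pinned to tcp so the rule does not also open the port for UDP,
# matching the LAN rule below.
- name: Allow access from {{ sk_wan_network }} to any port "{{sk_ssh_port}}"
  community.general.ufw:
    rule: allow
    src: "{{ sk_wan_network }}"
    to_port: "{{sk_ssh_port}}"
    proto: tcp
    comment: 'SSH'
  when: ansible_os_family == "Debian"

# "limit" rate-limits repeated connections from the same source; log: true
# records matching connections so brute-force attempts show up in the UFW log.
- name: Limit log from "{{ sk_lan_network }}" to tcp port "{{sk_ssh_port}}"
  community.general.ufw:
    rule: limit
    log: true
    src: "{{ sk_lan_network }}"
    to_port: "{{sk_ssh_port}}"
    proto: tcp
  when: ansible_os_family == "Debian"

- name: Reload UFW
  community.general.ufw:
    state: reloaded
  when: ansible_os_family == "Debian"

- name: Enable UFW
  community.general.ufw:
    state: enabled
  when: ansible_os_family == "Debian"

# NOTE(review): assumes the chrony package is provided via sk_ubuntu_software
# and that the unit is reachable under the name "chronyd" on the target; this
# task has no os_family guard, so confirm for every host in the inventory.
- name: Enable chronyd
  ansible.builtin.service:
    name: chronyd
    state: started
    enabled: true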