---
# vim: ft=yaml.ansible
- name: Deploy basics
  hosts: all  # reminder: '--limit'
  gather_facts: true
  vars:
    #  auto_update: true  # would configure dnf-automatic
    #  hardened_ssh_port: "1181"  # quoting to ensure no octal/decimal confusion
  roles:
    - {role: custom-facts, tags: ['facts', 'custom-facts']}
    # - {role: btrfs, tags: ['btrfs']}  # sets up scrubbing
    - {role: bootstrap, tags: ['boot', 'bootstrap']}
    - {role: grub, tags: ['grub']}
    - {role: tuned, tags: ['tuned']}
    - {role: install-packages, tags: ['pkgs', 'install', 'install-pkgs']}
    - {role: update-packages, tags: ['pkgs', 'install', 'update-pkgs']}
    # - {role: fedora-upgrade}  # replacing w/ 'dist-upgrade', supporting more than fedora
    - {role: create-user, tags: ['user']}  # should follow package-installing roles; provide groups the user may want to join
    - {role: hardening, tags: ['harden', 'hardening']}
#    - {role: docker}