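---
# Host bootstrap for the "dev" group: upgrades the base system to Debian
# Trixie, sets hostname and locale, then installs and configures firewalld.
# `etc_apt` and `hostname` are not defined here; they are expected to come
# from vars.yml or the inventory.
- hosts: dev
  become: true
  vars_files:
    - "{{ inventory_dir }}/vars.yml"
  tags:
    - host
  tasks:
    - name: Upgrade base system to Debian Trixie
      tags:
        - apt
        - requires_reboot
      block:
        # Bring the current release fully up to date before switching suites.
        - name: Update and upgrade base system packages
          ansible.builtin.apt:
            update_cache: true
            upgrade: full
            autoclean: true

        # Every later package install trusts whatever this file points at.
        # NOTE(review): its contents are not part of this playbook; confirm the
        # entries reference trusted mirrors and that signature verification is
        # not disabled for any of them.
        - name: Change package sources file to pull from Trixie
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-configure-host-system/sources.list"
            dest: "{{ etc_apt }}/sources.list"
            backup: true
            # Explicit ownership and mode so the result does not depend on the
            # umask in effect; only root may edit the package sources.
            owner: root
            group: root
            mode: "0644"

        - name: Update base system to Trixie
          ansible.builtin.apt:
            clean: true
            update_cache: true
            upgrade: dist

        - name: Reboot the system after dist upgrade
          ansible.builtin.reboot:

        - name: Autoremove old packages
          ansible.builtin.apt:
            autoremove: true

    - name: Configure host system
      tags:
        - requires_reboot
      block:
        # The hostname module only reports a change when the name differs,
        # unlike a raw `hostnamectl set-hostname` command task.
        - name: Change hostname
          ansible.builtin.hostname:
            name: "{{ hostname }}"

        # NOTE(review): confirm that locale-gen on the target honours a locale
        # argument; some Debian releases only read /etc/locale.gen.
        - name: Generate UTF-8 locales
          ansible.builtin.command:
            argv:
              - locale-gen
              - en_US.utf8
          # The command gives no change signal, so it is reported as changed on
          # every run (made explicit here).
          changed_when: true

        - name: Reboot the host system after configuration
          ansible.builtin.reboot:

    - name: Enable and configure the firewall
      block:
        - name: Install nftables and firewalld
          ansible.builtin.package:
            name:
              - nftables
              - firewalld
            state: present

        # firewall-cmd talks to the running daemon, and the rules only protect
        # the host across reboots if the unit is enabled.
        - name: Ensure firewalld is enabled and running
          ansible.builtin.service:
            name: firewalld
            state: started
            enabled: true

        # All services are added to the default zone, with no source
        # restriction. That makes redis and postgresql reachable from every
        # address that can reach an interface in that zone, not only from the
        # application hosts. If only specific peers need the data stores, move
        # those two services to a zone bound to their source addresses, and
        # verify that both services require authentication.
        - name: Add all necessary services to firewalld
          ansible.builtin.command:
            argv:
              - firewall-cmd
              - '--permanent'
              - '--add-service=ssh'
              - '--add-service=http'
              - '--add-service=https'
              - '--add-service=redis'
              - '--add-service=postgresql'
          # No reliable change signal from the command; reported as changed on
          # every run (made explicit here).
          changed_when: true

        # --permanent edits only the stored configuration; the reload loads it
        # into the running firewall.
        - name: Reload firewalld to apply service changes
          ansible.builtin.command:
            argv:
              - firewall-cmd
              - '--reload'
          changed_when: true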