- name: Set the hostname per inventory
  hostname:
    name: "{{ inventory_hostname }}"
    use: systemd

- name: Set root password
  user:
    name: root
    password: "{{ root_pw | password_hash('sha512') }}"
  when: root_pw | default(false)

- name: Install firewalld on RedHat family
  package:
    name: firewalld
    state: latest
  when: ansible_os_family == "RedHat"

- name: Install firewalld on Arch
  community.general.pacman:
    name: firewalld
    state: present
  when: ansible_os_family == "Archlinux"

- name: Start and enable firewalld
  service:
    name: firewalld
    state: started
    enabled: true

- name: Add ssh to firewalld
  ansible.posix.firewalld:
    service: ssh
    state: enabled
    permanent: true
    immediate: true
    offline: true

- name: Add dhcpv6-client to firewalld
  ansible.posix.firewalld:
    service: dhcpv6-client
    state: enabled
    permanent: true
    immediate: true
    offline: true

- name: Disallow cockpit firewalld
  ansible.posix.firewalld:
    service: cockpit
    state: disabled
    permanent: true
    immediate: true
    offline: true