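---
# Prestages a host: upgrades packages, installs the syslog/FTP/TFTP/NTP/RDP
# services, creates an administrative user with an SSH key, configures UFW,
# and reports completion through a Webex bot.
#
# Variables expected from inventory or vars (not defined in this file):
#   create_user, copy_local_key, webex_id, webex_token
# webex_token is a credential; keep it in Ansible Vault or another secret
# store rather than in plain-text vars.
- name: Prestage server and install services [SYSLOG, FTP, TFTP, NTP]
  hosts: all
  roles:
    - common
  become: true
  tasks:
    - name: Update and upgrade current packages
      apt:
        update_cache: true
        # Quoted so the value stays the string choice "yes" (safe upgrade)
        # instead of being parsed as a YAML boolean.
        upgrade: "yes"

    # The package list is passed to apt in one call instead of looping, so
    # the resolver runs once. The cache was refreshed by the previous task.
    - name: Update apt cache and install required packages
      apt:
        name:
          - curl
          - tree
          - syslog-ng
          - vsftpd
          - tftpd-hpa
          - ntp
          - ufw
          - xrdp
        state: present

    # This account is added to the sudo group, so it has full administrative
    # rights on the host.
    - name: Create a new regular user with sudo privileges
      user:
        name: "{{ create_user }}"
        state: present
        groups: sudo
        append: true
        create_home: true
        shell: /bin/bash

    - name: Set authorized key for remote user
      authorized_key:
        user: "{{ create_user }}"
        state: present
        key: "{{ copy_local_key }}"

    # Allow rules are added before UFW is enabled below, so the SSH session
    # running this play is not cut off when the default-deny policy applies.
    # Every rule here accepts traffic from any source; RDP (3389) and the
    # syslog listeners are worth narrowing to the management or sender
    # networks with the module's from_ip option.
    # NOTE(review): tftpd-hpa is installed above, but no rule opens 69/udp,
    # so TFTP clients are blocked by the default-deny policy. Confirm
    # whether that is intended.
    - name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
      ufw:
        rule: allow
        direction: in
        port: "{{ item.port }}"
        proto: "{{ item.proto }}"
      loop:
        - port: '22'
          proto: tcp
        - port: '123'
          proto: udp
        - port: '514'
          proto: udp
        # Was '23' (Telnet). No Telnet service is installed and the task
        # name promises FTP, so this opens the FTP control port instead.
        # NOTE(review): FTP data connections (passive range) are not
        # covered by this rule. Confirm the vsftpd configuration.
        - port: '21'
          proto: tcp
        - port: '3389'
          proto: tcp
        - port: '5140'
          proto: tcp
        - port: '5141'
          proto: tcp
        - port: '5142'
          proto: tcp

    - name: UFW - Deny all other incoming traffic by default
      ufw:
        state: enabled
        policy: deny
        direction: incoming

    # NOTE(review): in ufw, "proto ipv6" matches IP protocol 41 (IPv6
    # tunnelled inside IPv4), not native IPv6 packets. Native IPv6 is
    # filtered by the default incoming policy set above when IPv6 support is
    # enabled in /etc/default/ufw. Verify that setting if the intent is to
    # block all IPv6.
    - name: Block all IPv6 incoming connections
      ufw:
        rule: deny
        direction: in
        proto: ipv6

    - name: Send Webex Teams message via BOT to confirm playbook completion
      community.general.cisco_webex:
        recipient_type: toPersonEmail
        recipient_id: "{{ webex_id }}"
        msg_type: markdown
        personal_token: "{{ webex_token }}"
        msg: "**Prestaging has been completed for host {{ inventory_hostname }}.**"
      # Keeps the bot token out of task output and callback logs.
      no_log: true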