---
- name: Install base system packages
  ansible.builtin.apt:
    name:
      # Base utilities
      - curl
      - wget
      - unzip
      - xclip
      - tree
      # Network and admin tools
      - net-tools
      - ufw
      - mailutils
      # Modern CLI tools
      - jq
      - ripgrep
      - fd-find
    state: present

- name: Install modern tools via snap
  community.general.snap:
    name:
      - yq
    state: present

- name: Create fd symlink (Ubuntu uses fd-find)
  ansible.builtin.file:
    src: /usr/bin/fdfind
    dest: /usr/local/bin/fd
    state: link
  when: ansible_distribution == "Ubuntu"

# fail2ban configuration moved to monitoring role

# UFW enablement moved to ssh role to avoid lockout

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone | default('UTC') }}"

- name: Configure locale
  community.general.locale_gen:
    name: "{{ locale | default('en_US.UTF-8') }}"
    state: present