---

- name: Copy server dotfiles
  tags: [dotfiles, dotfiles:server]
  ansible.builtin.copy:
    src: "{{ playbook_dir }}/../dotfiles/server/{{ item.src }}"
    dest: "{{ user_home }}/{{ item.dest }}"
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "{{ item.mode }}"
  loop: "{{ server_dotfiles | default([]) }}"
  loop_control:
    label: "{{ item.dest }}"

- name: Render server templates
  tags: [dotfiles, dotfiles:server]
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ user_home }}/{{ item.dest }}"
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "{{ item.mode }}"
  loop: "{{ server_templates | default([]) }}"
  loop_control:
    label: "{{ item.dest }}"

- name: Apply server UFW rules
  tags: [services, packages]
  community.general.ufw:
    rule: "{{ item.rule }}"
    name: "{{ item.name | default(omit) }}"
    port: "{{ item.port | default(omit) }}"
    proto: "{{ item.proto | default(omit) }}"
  loop: "{{ server_ufw_rules | default([]) }}"
  loop_control:
    label: "{{ item.name | default(item.port) }}"

- name: Enable UFW firewall on server
  tags: [services, packages]
  community.general.ufw:
    state: enabled