base-infra/roles/agent-setup/tasks/main.yml

- name: Set facts for target SSH-connection
  set_fact:
    target_ansible_port: "{{ ansible_port }}"

- name: Check if SSH-connection is already adjusted
  ping:
  ignore_errors: "yes"
  ignore_unreachable: "yes"
  register: target_ssh

- name: Set ansible_port to 22 when SSH-connection is not adjusted
  set_fact:
    ansible_port: "22"
  when: target_ssh.unreachable is defined and
        target_ssh.unreachable == True

- name: Check if initial SSH-connection is active
  ping:
  when: target_ssh.unreachable is defined and
        target_ssh.unreachable == True

- name: Set SSH-port to 1022
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*Port\s+[0-9]+$'
    line: Port 1022
  notify: Restart sshd
  when: target_ssh.unreachable is defined and
        target_ssh.unreachable == True

- name: Ensure SSH is reloaded
  meta: flush_handlers
  when: target_ssh.unreachable is defined and
        target_ssh.unreachable == True

- name: Reset ansible_port to configured value
  set_fact:
    ansible_port: "{{ target_ansible_port }}"
  when: target_ssh.unreachable is defined and
        target_ssh.unreachable == True

- name: Run deferred setup to gather facts
  setup:

- name: Set default network route
  shell: "ip route add default via {{ private_nat }}"
  ignore_errors: "yes"
  when: ansible_facts['default_ipv4']['alias'] is not defined

- name: Regather facts
  setup:
  when: ansible_facts['default_ipv4']['alias'] is not defined

- name: Gather fact target_nic
  set_fact:
    target_nic: "{{ ansible_facts['default_ipv4']['alias'] }}"

- name: Ensure path to configure default route
  file:
    path: "{{ network_config_path }}"
    state: directory

- name: Configure default route
  template:
    src: nic.network.j2
    dest: "{{ network_config_path }}/10-{{target_nic}}.network"

- name: Configure DNS servers
  lineinfile:
    path: /etc/systemd/resolved.conf
    regexp: '^#?\s*DNS\s*=.*'
    line: "DNS={{ dns_servers }}"
  notify: "Restart resolved"