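---
# Baseline package set for Docker hosts. Every task uses the apt module, so
# the play assumes Debian/Ubuntu targets.
#
# The play escalates privileges (become) on every inventory host (hosts: all).
# Scope a run with an inventory group or --limit when only part of the fleet
# should change: the removal task purges package configuration as well.
- name: Baseline essentials for Docker hosts
  hosts: all
  become: true

  vars:
    # --- Feature toggles (override in Semaphore extra vars) ---
    # Extra vars can arrive as strings ("true"/"false") rather than booleans,
    # so each `when` below normalises the toggle with `| bool`.
    enable_install_base: true      # core tools everywhere
    enable_install_extras: true    # QoL/debug tools
    enable_remove_packages: true   # remove legacy/bloat

    # --- Packages ---
    base_packages:
      - curl             # HTTP CLI
      - git              # pull repos
      - jq               # parse JSON (docker inspect, APIs)
      - ca-certificates  # TLS roots for HTTPS
      - iproute2         # modern net tools (ip, ss, etc.)
      - acl              # file ACL support (setfacl/getfacl)

    extra_packages:
      - fzf              # fuzzy finder
      - dnsutils         # dig/nslookup
      - htop             # nicer top
      - unzip            # handle .zip archives
      - bat              # prettier cat (binary is `batcat` on Debian/Ubuntu)
      - tree             # directory view
      - bash-completion  # tab completion

    absent_packages:
      - net-tools        # ifconfig/netstat (prefer iproute2)
      - snapd            # don't want snaps
      - apport           # crash reporter

  tasks:
    - name: Install base packages
      ansible.builtin.apt:
        name: "{{ base_packages }}"
        state: present
        update_cache: true
      when: enable_install_base | bool

    - name: Install extra packages
      ansible.builtin.apt:
        name: "{{ extra_packages }}"
        state: present
        # The base task may be toggled off, so refresh the index here too.
        # cache_valid_time skips the refresh when the cache is under an hour
        # old (for example, right after the base task ran).
        update_cache: true
        cache_valid_time: 3600
      when:
        - enable_install_extras | bool
        - extra_packages | length > 0

    - name: Remove unwanted packages
      ansible.builtin.apt:
        name: "{{ absent_packages }}"
        state: absent
        # purge also deletes the packages' configuration files.
        purge: true
      when:
        - enable_remove_packages | bool
        - absent_packages | length > 0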