---
- name: skip if refresh
  when: not refresh_api | bool
  block:
  - name: Get Windows version
    win_shell: "systeminfo /fo csv | ConvertFrom-Csv | select OS*, System*, Hotfix* | Format-List"
    register: windows_version

  - name: Print Windows host information
    debug:
      msg: "{{ windows_version }}"    

  - name: Install base packages
    win_chocolatey:
      name: 
        - "{{ windows_base_packages_item }}"
      state: present
      ignore_checksums: true
    loop: "{{ windows_base_packages }}"
    loop_control:
      loop_var: windows_base_packages_item

  - name: Install Server Services
    when: "'server' in windows_version"
    ansible.windows.win_feature:
      name:
        - "{{ windows_features_item }}"
      state: present    
    loop: "{{ windows_features }}"
    loop_control:
      loop_var: windows_features_item

  - name: Disable ms_tcpip6 of all the Interfaces
    community.windows.win_net_adapter_feature:
      interface: '*'
      state: disabled
      component_id:
        - ms_tcpip6

  - name: windows server items
    when: "'server' in windows_version"
    block:

    - name: disable IE-ESC for user
      win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0'

    - name: disable IE-ESC for admin
      win_shell: 'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0'

    - name: disable automatic updates
      ansible.windows.win_regedit:
        path: HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
        name: NoAutoUpdate
        data: 1

  - name: disable Firewall
    win_shell: "netsh advfirewall set allprofiles state off"

  #- name: desktop items
  #  when: "'server' not in windows_version"
  #  include_tasks: desktop.yaml
...