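# Base configuration tasks: packages, hostname, groups, sudo, users,
# SSH keys and the sshd drop-in. Inputs come from three loop variables
# defined outside this file: base_config_packages, base_config_group and
# base_config_user.

- name: Install packages on all servers
  ansible.builtin.apt:
    name: "{{ item.list }}"
    state: present
  loop: "{{ base_config_packages }}"

# ansible_facts['hostname'] is the name the host already reports, so using
# it here never changes anything. The inventory name is what the task title
# asks for.
- name: Change hostname to inventory name
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"
    use: systemd

# NOTE(review): the title says /etc/hosts but the template and destination
# are for /etc/hostname - confirm which file is meant. /etc/hostname is a
# plain data file, so it must not carry execute bits (was 0755).
- name: Change /etc/hosts
  ansible.builtin.template:
    src: templates/hostname.j2
    dest: /etc/hostname
    owner: root
    group: root
    mode: "0644"

- name: Create groups that are missing
  ansible.builtin.group:
    name: "{{ item.name }}"
    state: "{{ item.state }}"
    system: "{{ item.system }}"
  loop: "{{ base_config_group }}"

# NOTE(review): NOPASSWD: ALL for the whole sudo group means every member's
# login credential is equivalent to root, with no second factor at
# escalation time. Keep membership of 'sudo' minimal and consider limiting
# this rule to the automation account only.
- name: Allow 'sudo' group to have passwordless sudo
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    state: present
    regexp: "^%sudo"
    line: "%sudo ALL=(ALL) NOPASSWD: ALL"
    # Absolute path so validation does not depend on the remote PATH.
    validate: "/usr/sbin/visudo -cf %s"

- name: Create user
  ansible.builtin.user:
    name: "{{ item.user }}"
    # A negative value is the documented way to clear account expiry;
    # `false` is not a valid epoch and may be coerced to 0 (already expired).
    expires: -1
    system: "{{ item.system | default(false) }}"
    groups: "{{ item.groups | default([]) }}"
    # 'absent' has to be a quoted string; unquoted it is an undefined Jinja
    # variable. NOTE(review): entries without an explicit state are removed,
    # not created - confirm this fail-closed default is intended.
    state: "{{ item.state | default('absent') }}"
    remove: "{{ item.remove | default(false) }}"
    # shell is a path, not a list; omit it when unset so the system default
    # login shell applies.
    shell: "{{ item.shell | default(omit) }}"
    create_home: "{{ item.create_home | default(true) }}"
  loop: "{{ base_config_user }}"

# The file module has no state 'present'; 'touch' creates the empty file.
# Files in /etc/sudoers.d are expected to be root-owned and mode 0440.
# Preserving the timestamps keeps the task idempotent on repeat runs.
- name: Create custom sudoers file
  ansible.builtin.file:
    path: /etc/sudoers.d/custom
    state: touch
    owner: root
    group: root
    mode: "0440"
    access_time: preserve
    modification_time: preserve

# The user task above reads the account name from item.user, so fall back to
# that key when item.name is not set. Entries without a key, or for accounts
# that are not present, are skipped instead of passing an empty list as the
# key. exclusive=true removes every other key from the account's
# authorized_keys file.
- name: Create ansible User for future rollouts
  ansible.posix.authorized_key:
    user: "{{ item.name | default(item.user) }}"
    key: "{{ item.sshkey }}"
    exclusive: "{{ item.exclusive | default(true) }}"
  loop: "{{ base_config_user }}"
  when:
    - item.sshkey is defined
    - item.state | default('absent') == 'present'

# Runs after the keys are deployed so key-only login cannot lock out the
# automation account. The fragment is syntax-checked before it replaces the
# live file; a failed check leaves the existing sshd configuration in place.
- name: Change SSH Config to just take SSH Keys
  ansible.builtin.template:
    src: templates/custom.conf.j2
    dest: /etc/ssh/sshd_config.d/custom.conf
    owner: root
    group: root
    mode: "0644"
    validate: "/usr/sbin/sshd -t -f %s"
  notify: SSH_Handler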