# vim: ft=yaml.ansible
---
- name: Provision MPC players
  hosts: all
  gather_facts: true
  become: true
  tasks:
    - name: Upgrade system packages
      ansible.builtin.apt:
        update_cache: true
        upgrade: full

    - name: Check if a reboot is needed
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: needs_reboot

    - name: Reboot host
      ansible.builtin.reboot:
      when: needs_reboot.stat.exists or
            (force_reboot is defined and force_reboot)

    - name: Create user {{ username }}
      ansible.builtin.user:
        name: "{{ username }}"
        password: "{{ secrets.user_password | ansible.builtin.password_hash('sha512') }}"
        shell: /bin/bash
        groups:
          - sudo
        update_password: always
        state: present

    - name: Add public SSH keys to user {{ username }}
      ansible.posix.authorized_key:
        user: "{{ username }}"
        key: "{{ ssh_keys | join('\n') }}"
        exclusive: true
        state: present

    - name: Import role mp_spdz
      ansible.builtin.import_role:
        name: mp_spdz
      become_user: "{{ username }}"