# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Add users
  ansible.builtin.user:
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
    groups: "{{ item.groups }}"
    shell: /bin/bash
    state: present
  loop: "{{ users }}"

- name: Add SSH keys to users
  ansible.posix.authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
  loop: "{{ users }}"

- name: Allow passwordless sudo
  community.general.sudoers:
    name: passwordless
    group: sudo
    host: ALL
    commands: ALL
    nopassword: true
    state: present

- name: Copy sshd_config
  ansible.builtin.copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    mode: u=rw,g=r,o=r
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd