---
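# Base packages and always-on services for every host in the inventory.
# NOTE(review): no `become` is set in this play; it presumably relies on
# connecting as root or on become being configured elsewhere - confirm.
- name: Install shit
  hosts: all
  tasks:
    - name: Std Repo stuff
      apt:
        # Refresh the package index before resolving the list below.
        update_cache: true
        state: present
        name:
          - vim
          - curl
          - wget
          # Needed by the later play that grants the sudo group NOPASSWD.
          - sudo
          - net-tools
          # NOTE(review): nmap is a network scanner; confirm it is wanted on
          # every host rather than only on the admin machines.
          - nmap
          - python3-pip
          - python3-passlib
          - vnstat
          - chrony

    # Traffic accounting daemon: start now and on every boot.
    - name: Enable VNStat service
      service:
        name: vnstat
        enabled: true
        state: started

    # Time sync matters for log correlation and certificate validation.
    - name: Enable Chrony (NTP) service
      service:
        name: chrony
        enabled: true
        state: started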
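# Kernel tunables applied to every host.
- name: Sysctl
  hosts: all
  tasks:
    - name: disable dmesg logging to console
      sysctl:
        name: kernel.printk
        # Fields, in order: console_loglevel, default_message_loglevel,
        # minimum_console_loglevel, default_console_loglevel.
        # console_loglevel 3 keeps everything below "critical" off the
        # console; the messages still reach the kernel ring buffer.
        value: '3 4 1 3'
        # Persist the entry in the sysctl file ...
        state: present
        # ... and also apply it to the running kernel right away.
        sysctl_set: true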
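# Creates the admin accounts, seeds their shell dotfiles, installs their SSH
# public keys and gives the sudo group passwordless root.
- name: Add users
  hosts: all
  vars:
    # Every name here needs a matching files/<name>.pub next to the playbook;
    # the "Add authorized keys" task fails if one is missing.
    users:
      - arya
      - mrlerien
      - devrand
      - midou
      - ansiblerunner
    # NOTE(review): the user module writes this value verbatim into the
    # password field of /etc/shadow, so it has to be a crypt(3) string
    # ("$6$<salt>$<hash>" for SHA-512). This value is 128 hex characters with
    # no "$id$salt$" prefix, i.e. it looks like a bare digest; if so, no
    # password will ever match it and the accounts are key-only - confirm
    # which was intended.
    # NOTE(review): a shared credential committed in clear text belongs in
    # Ansible Vault (or another secret store), not in the playbook.
    password: 'd404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db'

  tasks:
    # /etc/skel is copied into each new home directory, so these four tasks
    # must run before "Add user". Ownership and mode are set explicitly so
    # the result does not depend on the umask of the connecting user.
    - name: bashrc skel
      template:
        src: templates/bashrc.j2
        dest: /etc/skel/.bashrc
        owner: root
        group: root
        mode: '0644'
    - name: profile skel
      template:
        src: templates/profile.j2
        dest: /etc/skel/.profile
        owner: root
        group: root
        mode: '0644'
    - name: bash_aliases skel
      template:
        src: templates/bash_aliases.j2
        dest: /etc/skel/.bash_aliases
        owner: root
        group: root
        mode: '0644'
    - name: prompt skel
      template:
        src: templates/prompt.j2
        dest: /etc/skel/.prompt
        owner: root
        group: root
        mode: '0644'

    # Same dotfiles for root, whose home is not populated from /etc/skel here.
    - name: bashrc root
      template:
        src: templates/bashrc.j2
        dest: /root/.bashrc
        owner: root
        group: root
        mode: '0644'
    - name: profile root
      template:
        src: templates/profile.j2
        dest: /root/.profile
        owner: root
        group: root
        mode: '0644'
    - name: bash_aliases root
      template:
        src: templates/bash_aliases.j2
        dest: /root/.bash_aliases
        owner: root
        group: root
        mode: '0644'
    - name: prompt root
      template:
        src: templates/prompt.j2
        dest: /root/.prompt
        owner: root
        group: root
        mode: '0644'

    - name: Add user
      user:
        name: "{{ item }}"
        group: users
        # `append` is not set, so this list is authoritative: on every run a
        # user is removed from any supplementary group not named here.
        groups: users,sudo
        password: "{{ password }}"
        shell: /bin/bash
        # Add the same initial password for all users (can be overwritten by
        # user); on_create leaves the password of an existing account alone.
        update_password: on_create
      with_items: "{{ users }}"

    # Keys are only ever added: `exclusive` is not set, so a key dropped from
    # files/<name>.pub stays authorized on the hosts until removed by hand.
    - name: "Add authorized keys"
      authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'files/' + item + '.pub') }}"
        state: present
      with_items: "{{ users }}"

    # Every member of the sudo group - all five accounts above, including
    # ansiblerunner - becomes root without re-authenticating, so each key in
    # files/*.pub is effectively a root credential on every host.
    - name: "Allow admin users to sudo without a password"
      lineinfile:
        dest: "/etc/sudoers"  # path: in version 2.3
        state: "present"
        regexp: "^%sudo"
        line: "%sudo ALL=(ALL) NOPASSWD: ALL"
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed sudoers file locks everyone out of sudo.
        validate: '/usr/sbin/visudo -cf %s'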
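# Host-specific addition: one extra SSH public key, authorized for four
# accounts on `soleil` only.
- name: Add extra authorized_key for soleil
  hosts: soleil
  vars:
    # Repeats the list from the "Add users" play minus ansiblerunner; the two
    # lists have to be kept in sync by hand.
    users:
      - arya
      - mrlerien
      - devrand
      - midou
  tasks:
    # NOTE(review): a single key is granted to four separate accounts, and its
    # comment field (user@CoreVM) does not identify an owner. Record who holds
    # the private key, since each of these accounts is in the sudo group.
    # `exclusive` is not set, so this key is added alongside the per-user keys
    # rather than replacing them.
    - name: Add extra authorized_key for soleil
      authorized_key:
        user: "{{ item }}"
        key: "ssh-rsa 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 user@CoreVM"
        state: present
      with_items: "{{ users }}"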
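# Renders the managed sshd_config and restarts the daemon only when the file
# actually changed.
- name: Configure SSHD
  hosts: all
  tasks:
    - name: sshd configuration file update
      template:
        src: templates/sshd_config.j2
        dest: /etc/ssh/sshd_config
        # Keep a timestamped copy of the previous file for rollback.
        backup: true
        owner: root
        group: root
        # Quoted so the YAML parser cannot reinterpret the octal literal.
        mode: '0644'
        # sshd parses the rendered file before it is moved into place; a
        # template that fails the check is never installed, so a bad render
        # cannot cut off SSH access.
        validate: '/usr/sbin/sshd -T -f %s'
      notify:
        - restart sshd
  handlers:
    # NOTE(review): on Debian-family hosts (this playbook uses apt) the unit
    # is ssh.service and "sshd" presumably resolves only through its alias -
    # confirm the name on the target release.
    - name: restart sshd
      service:
        name: sshd
        state: restarted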