---

- name: Common | Install common packages
  ansible.builtin.apt:
    update_cache: true
    name:
      - molly-guard
      - dnsutils
      - sudo
      - nano
      - tree
      - screen
      - python3
      - curl
      - gnupg
      - ca-certificates
      - cloud-utils
      - rsync
      - htop
      - unzip

- name: Common | Allow to sudo with ssh-key
  ansible.builtin.copy:
    src: sudoers
    dest: /etc/sudoers
    owner: root
    group: root
    mode: '0440'

- name: Common | Change sshd port
  ansible.builtin.copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'

- name: Common | Change hostname
  ansible.builtin.template:
    src: hostname.j2
    dest: /etc/hostname
    owner: root
    group: root
    mode: '0644'

- name: Common | Restart sshd service
  ansible.builtin.service:
    name: sshd
    state: restarted

- name: Common | Deploy users
  ansible.builtin.user:
    name: "{{ item }}"
    shell: /bin/bash
    groups: sudo
    append: true
    create_home: true
  with_items: "{{ group_vars_ssh_users }}"

- name: Deploy SSHKeys for users
  ansible.posix.authorized_key:
    user: "{{ item }}"
    state: present
    key: "{{ lookup('file', 'ssh-keys/{{ item }}.pub') }}"
  with_items: "{{ group_vars_ssh_users }}"