# =========================================================================== #
#                   __                                    _ __       
#       _________  / /__       ________  _______  _______(_) /___  __
#      / ___/ __ \/ / _ \     / ___/ _ \/ ___/ / / / ___/ / __/ / / /
#     / /  / /_/ / /  __/    (__  )  __/ /__/ /_/ / /  / / /_/ /_/ / 
#    /_/   \____/_/\___(_)  /____/\___/\___/\__,_/_/  /_/\__/\__, /  
#                                                           /____/
#
# =========================================================================== #

---
- name: Remove default user pi
  user:
    name: pi
    state: absent
    remove: yes

- name: Remove default group pi
  group:
    name: pi
    state: absent

- name: Apply syspatch for system type = {{ ansible_distribution }}
  syspatch:
    apply: true
  when: inventory_hostname in groups["openbsd"]

- name: Add puffy account for system type = {{ ansible_distribution }}
  user:
    name: puffy
    group: wheel
  when: inventory_hostname in groups["openbsd"]

- name: Copy doas.conf to /etc/doas.conf for system type = {{ ansible_distribution }}
  copy:
    src: "{{ role_path }}/files/doas.conf"
    dest: "/etc/doas.conf"

- name: Copy ssh key for puffy account
  authorized_key:
    user: puffy
    state: present
    key: "{{ item }}"
  with_file:
    - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"

- name: Copy ssh key for root account
  authorized_key:
    user: root
    state: present
    key: "{{ item }}"
  with_file:
    - "{{ playbook_dir }}/files/pub_ssh/rgoncalves.pub.ssh"

- name: Disable password login in sshd_config
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "PasswordAuthentication"
    line: "PasswordAuthentication no"

- name: Restart sshd daemon
  service:
    name: sshd
    state: restarted