---

- name: installing sudo
  ansible.builtin.apt:
    name: sudo
    update_cache: true
    state: present
  tags: all,users

- name: adding targetpw directive for sudo
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    line: "{{ item }}"
    state: present
  with_items:
    - "Defaults        targetpw"
    - "Defaults        insults"
  tags: all,users

- name: creating admin users
  ansible.builtin.user:
    name: "{{ item.username }}"
    shell: /bin/bash
    groups: sudo
  with_items: "{{ admin_users }}"
  tags: all,users

- name: creating dev users
  ansible.builtin.user:
    name: "{{ item.username }}"
    shell: /bin/bash
    groups: sudo
  with_items: "{{ dev_users }}"
  tags: all,users

- name: adding authorized_keys for regular users
  ansible.builtin.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_key }}"
    state: "{{ item.state | default('present') }}"
  with_items:
    - "{{ admin_users }}"
    - "{{ dev_users }}"
  tags: all,users

- name: adding authorized_keys for root users
  ansible.builtin.authorized_key:
    user: "root"
    key: "{{ item.public_key }}"
    key_options: 'from="{{ private_networks }}"'
    state: "{{ item.state }}"
  with_items: "{{ admin_users }}"
  tags: all,users,rootonly