---

- name: Installing sudo
  ansible.builtin.apt:
    name: sudo
    update_cache: true
    state: present
  tags: all,users

- name: Adding targetpw directive for sudo
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    line: "{{ item }}"
    state: present
  with_items:
    - "Defaults        targetpw"
    - "Defaults        insults"
  tags: all,users

- name: Creating admin users
  ansible.builtin.user:
    name: "{{ item.username }}"
    shell: /bin/bash
    groups: sudo
  with_items: "{{ bastion_admin_users }}"
  tags: all,users

- name: Creating dev users
  ansible.builtin.user:
    name: "{{ item.username }}"
    shell: /bin/bash
    groups: sudo
  with_items: "{{ bastion_dev_users }}"
  tags: all,users

- name: Adding authorized_keys for regular users
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_key }}"
    state: "{{ item.state | default('present') }}"
  with_items:
    - "{{ bastion_admin_users }}"
    - "{{ bastion_dev_users }}"
  tags: all,users

- name: Adding authorized_keys for root users
  ansible.posix.authorized_key:
    user: "root"
    key: "{{ item.public_key }}"
    key_options: 'from="{{ bastion_private_networks }}"'
    state: "{{ item.state }}"
  with_items: "{{ bastion_admin_users }}"
  tags: all,users,rootonly