---

- name: Make sure we have a 'sudo' group
  group:
    name: sudo
    state: present

- name: Allow sudo group to have passwordless sudo
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%sudo'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'

- name: Create a new regular user with sudo privileges
  user:
    name: "{{ create_user }}"
    state: present
    groups: sudo
    append: true
    create_home: true
    shell: /bin/bash

- name: Set authorized key for remote user
  authorized_key:
    user: "{{ create_user }}"
    state: present
    key: "{{ copy_local_key }}"


# - name: Disable password authentication for root
#   lineinfile:
#     path: /etc/ssh/sshd_config
#     state: present
#     regexp: '^#?PermitRootLogin'
#     line: 'PermitRootLogin no'

- name: Update apt
  apt: update_cache=yes

- name: Install required system packages
  apt: name={{ sys_packages }} state=latest

- name: Restart sshd
  service:
    name: sshd.service
    state: restarted