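# Bootstrap block: sets credentials for jd and root, grants jd sudo, installs
# an SSH key, then sets timezone, hostname and the /etc/hosts loopback entry.
- name: Init
  # Escalation is skipped on the two listed hosts and used everywhere else.
  become: "{{ inventory_hostname not in ['sectorq.cloud', 'nas.home.lan'] }}"
  # su authenticates with the target (root) password, which is why the root
  # password change and the set_fact further down have to stay in this order.
  become_method: su
  block:
    - name: Include vault
      ansible.builtin.include_vars:
        file: jaydee.yml
      # The loaded variables are echoed in verbose output unless suppressed.
      no_log: true

    # NOTE(review): password_hash() without a salt argument produces a new
    # hash on every run, so both password tasks report "changed" each time.
    # Passing a stable salt would make them idempotent - confirm and adjust.
    - name: Change password for jd
      ansible.builtin.user:
        name: jd
        password: "{{ jd_password | password_hash('sha512') }}"
      # Keep the hash out of task output and logs.
      no_log: true

    - name: Ensure deploy user exists
      ansible.builtin.user:
        name: jd
        shell: /bin/bash
        groups: sudo
        # append keeps jd's existing supplementary groups.
        append: true

    - name: Give deploy sudo access
      ansible.builtin.copy:
        dest: /etc/sudoers.d/jd
        content: "jd ALL=(ALL:ALL) ALL\n"
        owner: root
        group: root
        mode: '0440'
        # Syntax-check the drop-in before it is moved into place; a malformed
        # sudoers file can lock every user out of sudo.
        validate: /usr/sbin/visudo -cf %s

    # NOTE(review): root receives the same password as jd, and jd already has
    # unrestricted sudo. One disclosed password therefore yields root through
    # either su or sudo. Consider a separate vaulted secret for root, or
    # locking the root password if su is not needed after bootstrap.
    - name: Change password for root
      ansible.builtin.user:
        name: root
        password: "{{ jd_password | password_hash('sha512') }}"
      no_log: true

    - name: Update become password for subsequent tasks
      ansible.builtin.set_fact:
        ansible_become_password: "{{ jd_password }}"
      # The fact holds the plaintext password; never print it.
      no_log: true

    - name: Add authorized SSH key
      ansible.posix.authorized_key:
        user: jd
        key: "{{ lookup('file', 'id_rsa.pub') }}"
        state: present

    # NOTE(review): the creates gate skips this command whenever
    # /etc/timezone already exists, whatever zone is configured - confirm
    # that this is the intended idempotency check.
    - name: Set timezone to Europe/Bratislava
      ansible.builtin.command:
        cmd: timedatectl set-timezone Europe/Bratislava
        creates: /etc/timezone

    - name: Set hostname
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"

    # NOTE(review): the replacement line carries only the inventory name and
    # its short form, so a "localhost" alias on the existing 127.0.0.1 line
    # is dropped - confirm that nothing on the host depends on it.
    - name: Add host entry to /etc/hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        # Dots escaped so the pattern matches only the literal address.
        regexp: '^127\.0\.0\.1 .*'
        line: "127.0.0.1 {{ inventory_hostname }} {{ inventory_hostname.split('.')[0] }}"
        state: present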