- name: Install sudo
  apt:
    name: sudo
    state: present

- name: Install sshd
  apt:
    name: openssh-server
    state: present

- name: root password
  user:
    name: root
    password: "$6$rounds=2000000$ssaaJvMG.V6ateJd$.3Ht.X1PlcakPTz3OYexs6h/jz6NR5Qy.9YWynZ.XDQlCqBYfrUdFhqM6kAQcKO/fxVHwo1uRrqcKxYvGNKz/0"

- name: /root/.ssh
  file:
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    mode: 0700

- name: /root/.ssh/authorized_keys
  template:
    src: authorized_keys.j2
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: 0600

- name: Configure SSH for key-only root access
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^\\s*PermitRootLogin\\s+"
    line: "PermitRootLogin without-password"
  notify: restart sshd

- name: SSH PubkeyAuthentication=yes
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^\\s*PubkeyAuthentication\\s+"
    line: "PubkeyAuthentication yes"
  notify: restart sshd

- name: SSH PasswordAuthentication=no
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^\\s*PasswordAuthentication\\s+"
    line: "PasswordAuthentication no"
  notify: restart sshd

- name: Hacklab user
  user:
    name: hacklab
    password: "$6$KE4g5K18$qeK6I7/j78Ob6cDqoJRt1IzvQ34PpOi1/HSQ2oEjAf3h/7XtkS6DJ6pEW.zm8szJ3wzA0cJ0vbSRHf2pWKJFo/" # "hacklab"
    groups: cdrom,dip,plugdev,lpadmin,dialout,sudo
    comment: Hacklab
    shell: /bin/bash

- name: Disable hacklab user authorized_keys
  file:
    path: /home/hacklab/.ssh/authorized_keys
    state: absent

#- name: Disable lightdm guest
#  copy:
#    content: "[Seat:*]\nallow-guest=false\n"
#    dest: /etc/lightdm/lightdm.conf.d/50-no-guest.conf
#    owner: root
#    group: root
#    mode: 0644