---

- name: Install sudo
  ansible.builtin.apt:
    name: sudo
    state: present

- name: Set-up the Ansible group
  ansible.builtin.group:
    name: ansible
    system: true

- name: Set-up the Ansible user
  ansible.builtin.user:
    name: ansible
    system: true
    group: ansible
    shell: /bin/bash

- name: Set-up authorized key for the Ansible user
  ansible.posix.authorized_key:
    user: ansible
    key: "{{ ansible_key }}"

- name: Set-up password-less sudo for the ansible user
  ansible.builtin.copy:
    src: "ansible_sudo"
    dest: "/etc/sudoers.d/ansible"
    mode: "0640"
    owner: root
    group: root

- name: Revoke rights for Ansible user to log-in as root to server via ssh
  ansible.posix.authorized_key:
    user: root
    key: "{{ ansible_key }}"
    state: absent

- name: Explicitly run all handlers
  ansible.builtin.include_tasks: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers