---

- name: Install sudo
  apt:
    name: sudo
    state: present

- name: Set-up the Ansible group
  group:
    name: ansible
    system: true

- name: Set-up the Ansible user
  user:
    name: ansible
    system: true
    group: ansible
    shell: /bin/bash

- name: Set-up authorized key for the Ansible user
  authorized_key:
    user: ansible
    key: "{{ ansible_key }}"

- name: Set-up password-less sudo for the ansible user
  copy:
    src: "ansible_sudo"
    dest: "/etc/sudoers.d/ansible"
    mode: 0640
    owner: root
    group: root

- name: Revoke rights for Ansible user to log-in as root to server via ssh
  authorized_key:
    user: root
    key: "{{ ansible_key }}"
    state: absent

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers