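---
# Tasks for root's SSH access, the restricted backup key, and root's helper
# scripts. Commented-out tasks are kept as the author left them.

# - name: users | root | ensure account is locked
#   user:
#     name: root
#     password_lock: yes

# - name: users | root | install public ssh keys
#   authorized_key:
#     user: root
#     state: present
#     key: '{{ item }}'
#   with_file:
#     - public_keys/id_dsa.pub
#     - public_keys/id_ed25519.pub
#     - public_keys/rene_id_rsa.pub
#     - public_keys/root_id_rsa.pub
#     - public_keys/yubikey.pub

# Authorise the backup key for root, limited to two source addresses and a
# forced command. A forced command alone does not disable port/agent/X11
# forwarding or PTY allocation for this key, so those are switched off
# explicitly; rsync over SSH needs none of them.
- name: users | root | install public key for backups
  authorized_key:
    user: root
    state: present
    key: '{{ item }}'
    key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding'
  with_file:
    - public_keys/backup_ed25519.pub

# Only hosts that carry the 'backup' role receive the private half of the key.
# NOTE(review): the task name says root, but destination and ownership follow
# ansible_user_dir / ansible_user_id; confirm these resolve to root here.
# NOTE(review): private_keys/backup_ed25519 is shipped from the role's files;
# presumably it is ansible-vault encrypted at rest - confirm.
- name: users | root | install private ssh keys for backup
  copy:
    dest: "{{ ansible_user_dir }}/.ssh/"
    src: "{{ item }}"
    owner: "{{ ansible_user_id }}"
    group: "{{ ansible_user_id }}"
    mode: '0600'
  loop:
    - "private_keys/backup_ed25519"
  when: "'backup' is in role_names"
  # Keep key material out of task output and --diff runs.
  no_log: true

# Look up the passwd entry for 'user'; fail_key: false means a missing entry
# does not fail the task. The only consumer of getent_passwd visible in this
# file is the commented-out dest below.
- name: users | {{ user }} | getent user home directory
  getent:
    database: passwd
    key: "{{ user }}"
    split: ":"
    fail_key: false

# This script is the forced command of the backup key above, so it decides
# what that key may run as root. Mode 0744 leaves it writable by its owner
# only; keep it that way.
# NOTE(review): the authorized_keys entry resolves ~ against root's home,
# while this copies to ansible_user_dir - confirm both are the same directory.
- name: users | root | copy ~/validate-rsync.sh
  copy:
    # dest: "{{ getent_passwd[user][4] }}/validate-rsync.sh"
    dest: "{{ ansible_user_dir }}/validate-rsync.sh"
    src: "system_setup/validate-rsync.sh"
    mode: "0744"

# - name: users | root | install private ssh keys
#   copy:
#     dest: "/root/.ssh/"
#     src: "{{ item }}"
#     owner: root
#     group: root
#     mode: '0600'
#   loop:
#     - "private_keys/gitlab_read_ed25519"

# - name: users | root | install known_hosts
#   copy:
#     dest: "/root/.ssh/known_hosts"
#     src: "users/known_hosts"
#     backup: True
#     mode: '0600'
#     owner: 'root'
#     group: 'root'

- name: users | root | create script directories
  file:
    path: "{{ root_home }}/scripts"
    state: directory
    mode: '0755'

# NOTE(review): the tasks that would install /root/.ssh/gitlab_read_ed25519
# and /root/.ssh/known_hosts are commented out in this file. Unless both are
# provisioned elsewhere, this clone can neither authenticate nor verify the
# server's host key, and ignore_errors hides that failure. Provision a pinned
# known_hosts entry rather than relaxing host key checking: the checkout
# lands in root's bin directory.
- name: users | root | clone root_bins
  git:
    repo: 'ssh://git@gitea.mewissen.site:22422/rene/root-bin.git'
    dest: "{{ root_home }}/bin"
    key_file: '/root/.ssh/gitlab_read_ed25519'
  ignore_errors: true

# - name: users | root | link dotfiles
#   become: yes
#   become_user: root
#   file:
#     state: link
#     src: "/home/root/dotfiles/{{ item.src }}"
#     path: "home/root/{{ item.dest }}"
#   with_items:
#     - { src: 'vim/vimrc', dest: '.vimrc' }
#     - { src: 'bash/bashrc', dest: '.bashrc' }
#     - { src: 'zsh/zshrc', dest: '.zshrc' }
#     - { src: 'tmux/tmux.conf', dest: '.tmux.conf' }

######################################################
# Learn Linux TV example
######################################################
# - name: users | root | create config directories
#   file:
#     path: /root/{{ item.dir }}
#     state: directory
#     owner: root
#     group: root
#     mode: 0700
#   with_items:
#     - {dir: '.vim'}
#     - {dir: '.vim/colors'}
#   tags: dotfiles

# - name: users | root | copy dotfiles
#   copy:
#     src: users/root/{{ item.src }}
#     dest: /root/{{ item.dest }}
#     owner: root
#     group: root
#     mode: 0600
#   with_items:
#     - {src: 'bash/bashrc', dest: '.bashrc'}
#     - {src: 'bash/bash_profile', dest: '.bash_profile'}
#     - {src: 'bash/profile', dest: '.profile'}
#     - {src: 'tmux/tmux.conf', dest: '.tmux.conf'}
#     - {src: 'vim/vimrc', dest: '.vimrc'}
#     - {src: 'zsh/zshrc', dest: '.zshrc'}
#   tags: dotfiles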