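# Tasks that provision the root account: lock its password, install the
# authorized SSH public keys, deploy a read-only GitLab deploy key and
# known_hosts, then clone the admin scripts repository.

# Locks the password only. Key-based SSH login for root is still governed by
# the sshd configuration (e.g. PermitRootLogin), which is not managed here.
- name: users | root | ensure account is locked
  user:
    name: root
    password_lock: true

# Every key listed here grants unrestricted root login.
# NOTE(review): `state: present` only adds keys; a key dropped from this list
# stays in authorized_keys on hosts that already have it. Remove retired keys
# explicitly with `state: absent`.
- name: users | root | install public ssh keys
  authorized_key:
    user: root
    state: present
    key: '{{ item }}'
  with_file:
    # NOTE(review): if this is really a DSA key, it is limited to 1024 bits
    # and ssh-dss is disabled by default since OpenSSH 7.0 - consider
    # retiring it.
    - public_keys/id_dsa.pub
    - public_keys/id_ed25519.pub
    - public_keys/rene_id_rsa.pub
    - public_keys/root_id_rsa.pub
    - public_keys/yubikey.pub

# The backup key is pinned to one source address and a forced command, so it
# cannot open an interactive root shell.
# NOTE(review): consider also adding the `restrict` option (OpenSSH 7.2+) to
# disable PTY allocation and port/agent/X11 forwarding for this key - confirm
# the sshd version on all targets first.
- name: users | root | install public key for backups
  authorized_key:
    user: root
    state: present
    key: '{{ item }}'
    key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'
  with_file:
    - public_keys/backup_ed25519.pub

# NOTE(review): the private key source should be stored Ansible Vault
# encrypted in the repository (copy decrypts vaulted sources by default) -
# TODO confirm.
- name: users | root | install private ssh keys
  copy:
    dest: "/root/.ssh/{{ item.dest }}"
    src: "{{ item.src }}"
    owner: root
    group: root
    mode: '0600'
  # Keep private key material out of --diff output and logs.
  diff: false
  loop:
    - src: "private_keys/gitlab_read_ed25519"
      dest: "gitlab_read_ed25519"

# Pre-seeded known_hosts lets the git clone below verify the GitLab host key
# instead of trusting it on first use.
- name: users | root | install known_hosts
  copy:
    dest: "/root/.ssh/known_hosts"
    src: "users/known_hosts"
    backup: true
    mode: '0600'
    owner: root
    group: root

- name: users | root | create script directories
  file:
    path: "{{ root_home }}/scripts"
    state: directory
    # Explicit ownership, consistent with the other root-owned paths above.
    owner: root
    group: root
    mode: '0755'

# The cloned scripts land in root's bin directory, so whatever is on the
# repository's default branch ends up runnable as root.
# NOTE(review): consider pinning `version` to a reviewed tag or commit so a
# change in the repository is not picked up on the next run unreviewed.
# NOTE(review): key_file hard-codes /root while dest uses root_home - confirm
# these always agree.
- name: users | root | clone root_bins
  git:
    repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/root-bin.git'
    dest: "{{ root_home }}/bin"
    key_file: '/root/.ssh/gitlab_read_ed25519'

######################################################
# Learn Linux TV example
######################################################
# - name: users | root | create config directories
#   file:
#     path: /root/{{ item.dir }}
#     state: directory
#     owner: root
#     group: root
#     mode: '0700'
#   with_items:
#     - {dir: '.vim'}
#     - {dir: '.vim/colors'}
#   tags: dotfiles

# - name: users | root | copy dotfiles
#   copy:
#     src: users/root/{{ item.src }}
#     dest: /root/{{ item.dest }}
#     owner: root
#     group: root
#     mode: '0600'
#   with_items:
#     - {src: 'bash/bashrc', dest: '.bashrc'}
#     - {src: 'bash/bash_profile', dest: '.bash_profile'}
#     - {src: 'bash/profile', dest: '.profile'}
#     - {src: 'tmux/tmux.conf', dest: '.tmux.conf'}
#     - {src: 'vim/vimrc', dest: '.vimrc'}
#     - {src: 'zsh/zshrc', dest: '.zshrc'}
#   tags: dotfiles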