- name: "Python is Python3"
  apt:
    name: "python-is-python3"
    state: "present"
  when:
    - ansible_facts['distribution_major_version'] | int >= 20
    - ansible_facts['distribution'] == "Ubuntu"

- name: "Upgrade to the latest packages"
  apt:
    upgrade: "dist"
    autoremove: "yes"
    update_cache: yes

- name: "Install packages"
  apt:
    name: "{{ apt_packages }}"
    state: "present"

- name: "Allow tcp traffic on defined ports"
  ufw:
    rule: "allow"
    port: "22"
    proto: "tcp"

- name: "Allow udp traffic on defined ports"
  ufw:
    rule: "allow"
    port: 60001:60099
    proto: "udp"

- name: "Enable UFW"
  ufw:
    state: "enabled"

- name: "Lock root user"
  command: "passwd -l root"

- name: Add deploy user
  user:
    name: "{{ common_deploy_user_name }}"
    shell: /bin/bash

- name: Add authorized keys for deploy user
  authorized_key:
    user: "{{ common_deploy_user_name }}"
    key: "{{ lookup('file', item) }}"
  with_items: "{{ common_deploy_public_key }}"

- name: Add deploy user to sudoers
  lineinfile:
    dest: "/etc/sudoers"
    regexp: "{{ common_deploy_user_name }} ALL"
    line: "{{ common_deploy_user_name }} ALL=(ALL) NOPASSWD: ALL"
    state: "present"

- name: "Download Pip"
  get_url:
    url: "https://bootstrap.pypa.io/get-pip.py"
    dest: "/tmp/get-pip.py"
    mode: "0644"

- name: "Install pip"
  command:
    cmd: "python3 /tmp/get-pip.py"