- name: "Update package cache"
  apt:
    update_cache: "yes"

- name: "Upgrade to the latest packages"
  apt:
    upgrade: "dist"
    autoremove: "yes"

- name: "Install packages"
  apt:
    name: "{{ apt_packages }}"
    state: "present"

- name: "Allow tcp traffic on defined ports"
  ufw:
    rule: "allow"
    port: 22
    proto: "tcp"

- name: "Lock root user"
  command: "passwd -l root"

- name: "Add deploy user"
  user:
    name: "{{ deploy_user_name }}"
    shell: "/bin/bash"

- name: "Add authorized keys for deploy user"
  authorized_key:
    user: "{{ deploy_user_name }}"
    key: "{{ lookup('file', item) }}"
  with_items: "{{ deploy_public_key }}"

- name: "Add deploy user to sudoers"
  lineinfile: "dest=/etc/sudoers
              regexp='{{ deploy_user_name }} ALL'
              line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
              state=present"

- name: "Blacklist the floppy driver module"
  kernel_blacklist:
    name: "floppy"
    state: "present"
  notify: "reconfigure initramfs"

- name: "Unload the floppy driver module"
  modprobe:
    name: "floppy"
    state: "absent"