# System Upgrade and package installation        
- import_tasks: tasks/apt_update_cache.yml
- import_tasks: tasks/apt_distupgrade.yml
- import_tasks: tasks/apt_install.yml

# User configuration
- name: Lock root user
  command: passwd -l root

- name: Add deploy user
  user: name={{ deploy_user_name }} shell=/bin/bash password=$6$yWHFPhqJ$Il28ddG4zxPC3FWeRZeRsE8Aj0bE1YuNN.QB08xxyBDXfj1bp2kK1PEWbCmQmgSCuzj7IP45SNxosc./mV9bB/

- name: Add deploy user to sudoers
  lineinfile: "dest=/etc/sudoers
              regexp='{{ deploy_user_name }} ALL'
              line='{{ deploy_user_name }} ALL=(ALL) NOPASSWD: ALL'
              state=present"

- import_tasks: tasks/ufw_tcp.yml

- name: Copy over the sshd_config file
  template: src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root

- name: Copy over the timezone file
  template: src=timezone.j2 dest=/etc/timezone owner=root group=root
  notify: reconfigure tzdata

- name: Copy over the 20auto-upgrades file
  template: src=20auto-upgrades.j2
            dest=/etc/apt/apt.conf.d/20auto-upgrades
            owner=root
            group=root

- name: Copy over the 50unattended-upgrades file
  template: src=50unattended-upgrades.j2
            dest=/etc/apt/apt.conf.d/50unattended-upgrades
            owner=root
            group=root

- name: update locales
  lineinfile:
    dest: /etc/locale.gen
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: "{{ item.state }}"
  with_items:
    - { regexp: '^#? ?en_GB.UTF-8 UTF-8', line: 'en_GB.UTF-8 UTF-8', state: present }
  notify:
    - rebuild locales