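---
# Bootstrap play: marks the host as Ansible-managed, records the run in
# /etc/history, creates the local `ansible` account, installs its sudoers
# drop-in and authorises SSH keys for it.
- name: setup target to be managed by ansible
  hosts: cibles
  vars:
    # Quoted so the value stays the string "1.0" instead of being typed as a
    # float by the YAML loader.
    playbook_version: "1.0"
    # NOTE(security): this default is a weak, well-known-pattern password kept
    # in clear text in the playbook, so anyone who can read the repository
    # knows the password of the account on every target. It stays here only so
    # existing runs behave the same; override it with a vault-encrypted value
    # (vars file or `-e`) and rotate it on hosts already provisioned.
    managed_account_password: '123Soleil%'
  tasks:
    - name: warn people
      ansible.builtin.lineinfile:
        path: /etc/motd
        create: true
        line: "Host is managed by ansible, manual interaction not recommended"
        state: present

    - name: history
      ansible.builtin.lineinfile:
        path: /etc/history
        line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }} - {{ playbook_version }}"
        state: present
        create: true

    # Runs on the control node, not on the target. run_once keeps parallel
    # hosts from writing the same key file at the same time.
    # NOTE(review): no passphrase is set, so the private key is stored
    # unencrypted; 2048-bit RSA is the lower bound of current guidance.
    # Changing `size` on an existing key may trigger regeneration - confirm
    # before raising it.
    - name: generate ssh keys
      community.crypto.openssh_keypair:
        path: "~/.ssh/id_rsa"
        size: 2048
      delegate_to: localhost
      become: false
      run_once: true

    # The salt is derived from inventory_hostname so the hash is stable per
    # host and the task stays idempotent. no_log keeps the password and its
    # hash out of task output and logs.
    - name: create account
      ansible.builtin.user:
        name: ansible
        password: "{{ managed_account_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        create_home: true
        home: /home/ansible
      no_log: true

    # A malformed or writable sudoers drop-in can break sudo or let the rules
    # be edited, so pin ownership and mode and let visudo check the syntax
    # before the file is put in place.
    # NOTE(review): the content of `sudoers` is not visible here; check that
    # it grants only what the automation needs.
    - name: configure sudo
      ansible.builtin.copy:
        src: sudoers
        dest: /etc/sudoers.d/ansible
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -csf %s

    # NOTE(security): the second entry is fetched over HTTPS at run time.
    # Whoever controls that URL can add a key for the `ansible` account on
    # every target; prefer a key pinned in the repository or in vault.
    # validate_certs is stated explicitly so TLS verification is not turned
    # off unnoticed.
    - name: deploy ssh key
      ansible.posix.authorized_key:
        user: ansible
        key: "{{ item }}"
        validate_certs: true
      loop:
        - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        - "https://infra.opendoor.fr/id_rsa.pub"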