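---
# Bootstrap play: marks each host in the `cibles` group as Ansible-managed,
# creates the accounts listed in `setup_user_hash`, grants them sudo and
# installs the SSH public keys used to reach them.
#
# Expected variable (defined outside this file):
#   setup_user_hash: list of mappings with at least `login` and `password`.
#   NOTE(review): the `user` module expects `password` to be an already
#   hashed (crypt) value on Linux - confirm the inventory stores hashes,
#   not cleartext.
- name: setup target to be managed by ansible
  hosts: cibles
  tasks:
    - name: warn people
      lineinfile:
        path: /etc/motd
        create: true
        line: "Host is managed by ansible, manual interaction not recommended"
        state: present

    # Appends one dated line per play run day to a local audit trail.
    - name: history
      lineinfile:
        path: /etc/history
        line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
        state: present
        create: true

    # Runs on the control node as the invoking user. `run_once` keeps
    # several target hosts from generating the same key file concurrently.
    # NOTE(review): 2048-bit RSA is kept because changing the size would
    # replace the existing key pair; plan a rotation to a stronger key type.
    - name: generate ssh keys
      openssh_keypair:
        path: "~/.ssh/id_rsa"
        size: 2048
      delegate_to: localhost
      become: false
      run_once: true

    # `no_log` keeps the password field of each loop item out of the task
    # output and of any log callback.
    - name: create account
      user:
        name: "{{ item.login }}"
        password: "{{ item.password }}"
        create_home: true
        home: "/home/{{ item.login }}"
      loop: "{{ setup_user_hash }}"
      no_log: true

    # Loops over logins only, so the password field never reaches the
    # task output. The drop-in is created if missing with the restrictive
    # ownership and mode sudoers files conventionally carry, and is
    # syntax-checked by visudo before being put in place.
    # NOTE(review): `NOPASSWD: ALL` gives these accounts unrestricted
    # passwordless root; narrow the command list if the use case allows.
    - name: configure sudo
      lineinfile:
        line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
        path: /etc/sudoers.d/ansible
        create: true
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"
      loop: "{{ setup_user_hash | map(attribute='login') | list }}"

    # Installs two keys per account: the control node's public key and a
    # key fetched from a URL at run time.
    # NOTE(review): whoever controls the content served at that URL gains
    # login (and, with the sudo rule in this play, root) on every target;
    # consider vendoring a reviewed copy of the key instead of fetching it.
    - name: deploy ssh key
      authorized_key:
        user: "{{ item[0] }}"
        key: "{{ item[1] }}"
      with_nested:
        - "{{ setup_user_hash | map(attribute='login') | list }}"
        - - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
          - "https://infra.opendoor.fr/id_rsa.pub"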