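---
# Bootstrap play: gathers facts, makes sure the connecting user has ~/.ssh,
# creates the 'ansible' and 'richard' accounts in the sudo group, installs
# their SSH public keys and gives 'ansible' passwordless sudo.
- name: bootstrap
  hosts: all
  remote_user: richard
  gather_facts: false
  # become: true
  vars:
    # Declared without a value in the original; written as an explicit null.
    authorized_ssh_keys: null

  pre_tasks:
    # - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
    - ansible.builtin.setup:  # aka gather_facts

    - name: Creates .ssh directory
      ansible.builtin.file:
        path: ~/.ssh
        state: directory
        # Quoted so the YAML parser hands Ansible a string, not an integer.
        mode: "0700"

    # - name: remove ubuntu user if it exists
    #   command: userdel -rf ubuntu
    #   args:
    #     removes: /home/ubuntu/.bashrc

    - ansible.builtin.debug:
        var: ansible_os_family
      run_once: true

    - ansible.builtin.debug:
        var: ansible_architecture
      run_once: true

  tasks:
    - name: ping
      ansible.builtin.ping:

    # NOTE(review): the two password hashes below are stored in the playbook
    # in clear. Anyone who can read the repository can run offline guessing
    # against them. Consider vault-encrypting them, as is already done for the
    # 'ansible' public key further down, and rotating the passwords.
    # NOTE(review): without `append: true` the user module sets the
    # supplementary groups to exactly the list given. Confirm that dropping
    # any other group memberships is intended.
    - name: Add the user 'ansible'
      become: true
      ansible.builtin.user:
        name: ansible
        state: present
        shell: /bin/bash
        create_home: true
        password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
        uid: "1001"
        groups:
          - sudo

    - name: Add the user 'richard'
      become: true
      ansible.builtin.user:
        name: richard
        state: present
        shell: /bin/bash
        create_home: true
        password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
        uid: "1000"
        groups:
          - sudo

    - name: Add the authorized key for 'ansible'
      become: true
      ansible.posix.authorized_key:
        user: ansible
        state: present
        # exclusive removes every other key from this user's authorized_keys.
        exclusive: true
        # NOTE(review): the vault payload in this copy of the file ends
        # mid-line. Restore the full ciphertext from the original before
        # running this task. The list marker of the next task was also lost
        # at the same spot and has been restored.
        key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          64646433313163316163633030333230653437336365363433656332323463376233306162316139
          6531393536343433653164666162373930393630376564310a393232323031633037313335356432
          62323763663334393339366537393931613161323537323030623234633631613030623864663162
          3331373335326664310a

    - name: Add the authorized key for 'richard'
      become: true
      ansible.posix.authorized_key:
        user: richard
        state: present
        # key: "{{ lookup('file', '/home/richard/.ssh/id_rsa.pub') }}"
        key: "{{ item }}"
      # with_file reads the file on the control node, not on the target.
      with_file:
        - '/home/richard/.ssh/id_rsa.pub'

    # NOTE(review): this gives 'ansible' unrestricted root without a password,
    # so that account's SSH key is effectively a root credential on every
    # host. A drop-in under /etc/sudoers.d is usually preferred over editing
    # /etc/sudoers in place. The visudo validation guards against a syntax
    # error locking out sudo.
    - name: add ansible to sudoers
      become: true
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^ansible ALL='
        line: 'ansible ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'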