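---
# tasks file for ansible_bootstrap
#
# Bootstraps an Arch Linux host: installs Python with a raw command, installs
# sudo, creates the login account and grants the bootstrap sudo group
# password-less root through /etc/sudoers.d.

# Runs through `raw` because Ansible modules need Python on the target.
# pacman requires an operation flag: the bare `pacman python` exits with an
# error, so the refresh and the install are done in one -S call.
# --noconfirm keeps the non-interactive session from blocking on a prompt.
# NOTE(review): -Sy without -u refreshes the package lists but does not
# upgrade installed packages - confirm that is acceptable on these hosts.
- name: "install python"
  raw: pacman -Sy --noconfirm --needed python

- name: sudoers install
  pacman:
    name: sudo
    state: present
    update_cache: true

# The snippet placeholders (`comment`, `password`, `login_class`,
# `hidden: undefined` and `skeleton: false`) are dropped on purpose:
# `hidden: undefined` is not a valid boolean and aborts the task, and
# `password: undefined` would store the literal text "undefined" as the
# password hash. No password is set by this task.
# NOTE(review): the account is not added to bootstrap__sudo_group in the
# tasks shown here - confirm where group membership is managed.
- name: create profil
  user:
    name: "{{username}}"
    state: present
    create_home: true
    system: false
    generate_ssh_key: false
    ssh_key_file: .ssh/id_rsa

# SECURITY: the last item grants every member of bootstrap__sudo_group
# password-less root for all commands, with SETENV allowing the caller to
# override the sudo environment. Membership of that group is equivalent to
# root and should be restricted and reviewed accordingly.
# bootstrap__sudo_group is interpolated into the file path, the regexps and
# the sudoers lines, so it must be a trusted, plain group name.
# `validate` makes visudo check the candidate file before it replaces the
# live one, so a syntax error cannot lock sudo out.
- name: set sudoers right
  lineinfile:
    dest: '/etc/sudoers.d/{{ bootstrap__sudo_group }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    state: 'present'
    create: true
    owner: 'root'
    group: 'root'
    mode: '0440'
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^Defaults: %{{ bootstrap__sudo_group }} !?requiretty'
      line: 'Defaults: %{{ bootstrap__sudo_group }} !requiretty'
    - regexp: '^Defaults: %{{ bootstrap__sudo_group }} env_check\s'
      line: 'Defaults: %{{ bootstrap__sudo_group }} env_check += "SSH_CLIENT"'
    - regexp: '^%{{ bootstrap__sudo_group }}\s'
      line: '%{{ bootstrap__sudo_group }} ALL = (ALL:ALL) NOPASSWD: SETENV: ALL'

# The dot in the regexp is escaped so that only the literal directory name
# matches an existing include line.
# NOTE(review): only the `#includedir` spelling is matched; a file that
# already uses `@includedir` would get a second include line - confirm
# against the sudoers file shipped on the target.
- name: Ensure /etc/sudoers includes /etc/sudoers.d
  lineinfile:
    dest: '/etc/sudoers'
    regexp: '^#includedir\s+/etc/sudoers\.d$'
    line: '#includedir /etc/sudoers.d'
    state: 'present'
    validate: 'visudo -cf "%s"'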