---
- hosts: all

  tasks:
    - name: "Ensure normal user exists called: {{ sysadmin_username }}."
      ansible.builtin.user:
        name: "{{ sysadmin_username }}"
        shell: /bin/bash
      register: new_sysadmin

    - name: Copy ssh directory
      ansible.builtin.copy:
        remote_src: true
        src: /root/.ssh
        dest: "/home/{{ sysadmin_username }}/"
        owner: "{{ sysadmin_username }}" 
        group:  "{{ sysadmin_username }}" 
      when: new_sysadmin.changed

    - name: Ensure doas is installed. 
      ansible.builtin.package:
        name: doas
        state: present

    - name: Configure doas.
      ansible.builtin.template: 
        src: doas.conf.j2
        dest: /etc/doas.conf

# Ubuntu requires setting a root password before `sudo` can be removed.
#   - name: Try removing sudo.
#     ansible.builtin.package:
#       name: sudo
#       state: absent
#     tags: test
#     environment:
#       SUDO_FORCE_REMOVE: yes

- import_playbook: ../../ssh.yml
- import_playbook: ../../linux.yml