---
- name: Basic setup for shamash (packages, Docker, Nix, sshd)
  hosts: misc
  tasks:
    # Ensure /etc/pbri exists as a directory with mode rwxr-xr-x.
    # No owner/group is given: a newly created directory belongs to the become
    # user (root unless overridden) and an existing one keeps its ownership.
    - name: Create /etc/pbri
      ansible.builtin.file:
        state: directory
        path: '/etc/pbri'
        mode: 'u=rwx,g=rx,o=rx'
      become: true
    # Ensure /home/paul/Sites and /home/paul/Source exist, owned by paul:paul
    # with mode rwxr-xr-x (one module call per loop item).
    # NOTE(review): the paul user and group are not created in this play;
    # presumably they already exist on the host - confirm.
    - name: Create /home/paul/{Sites,Source}
      loop:
        - Sites
        - Source
      ansible.builtin.file:
        state: directory
        path: "/home/paul/{{ item }}"
        mode: 'u=rwx,g=rx,o=rx'
        owner: paul
        group: paul
      become: true
    # Install the everyday CLI tools from the distribution's apt repositories.
    # `state` is left at its default (present): missing packages are installed,
    # already-installed ones are not upgraded.
    - name: Install basic packages
      tags:
        - apt
      ansible.builtin.apt:
        # No cache_valid_time is set, so the package index is refreshed on
        # every run of this task.
        update_cache: true
        name:
          - vim
          - git
          - htop
          - tmux
      become: true
    # Run the `docker` role at this point in the play (dynamic include).
    # No `become` is set on this task, so privilege escalation has to come
    # from the role's own tasks - NOTE(review): confirm against the role.
    - name: Install and set up Docker and docker-compose
      ansible.builtin.include_role:
        name: docker
    # Run the `install_nix` role at this point in the play (dynamic include).
    # No `become` is set on this task, so privilege escalation has to come
    # from the role's own tasks - NOTE(review): confirm against the role.
    - name: Install and set up Nix
      ansible.builtin.include_role:
        name: install_nix
    # Install pip, setuptools and virtualenv from apt so the pip task that
    # follows has a working installer. No update_cache here: this task uses
    # whatever package index is already on the host.
    - name: Install pip prerequisites
      ansible.builtin.apt:
        name:
          - 'python3-pip'
          - 'python3-setuptools'
          - 'python3-virtualenv'
      become: true
    # Install the docker, docker-compose and requests Python packages with pip,
    # as the become user and without a virtualenv, i.e. into the system-wide
    # Python environment.
    # NOTE(review): no versions are pinned, so each fresh host gets whatever
    # the package index serves at run time, installed with root privileges.
    # Consider pinning exact versions or using the distribution packages
    # (e.g. python3-docker, python3-requests) where they are recent enough.
    # NOTE(review): the `docker-compose` package on PyPI is presumably the
    # legacy Python implementation (Compose v1) - confirm it is still needed.
    - name: Install global python docker package
      ansible.builtin.pip:
        name:
          - 'docker'
          - 'docker-compose'
          - 'requests'
      become: true
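    # Install an sshd drop-in that moves the daemon to port 2309, forbids root
    # logins and allows public-key authentication only. The "Restart sshd"
    # handler is notified when the file changes.
    - name: Configure sshd
      become: true
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/00_pbri.conf
        # Pin ownership so a pre-existing file with the wrong owner is
        # corrected rather than left as found.
        owner: root
        group: root
        mode: u=rw,g=r,o=r
        # Included by /etc/ssh/sshd_config before other configuration. sshd
        # keeps the first value it reads for each keyword, so these settings
        # win only while that Include stays ahead of the main file's own
        # directives.
        # NOTE(review): anything filtering traffic in front of the host must
        # allow TCP 2309, and the inventory has to connect on that port on
        # later runs.
        content: |
          Port 2309
          PermitRootLogin no
          PubkeyAuthentication yes
          AuthorizedKeysFile .ssh/authorized_keys
          PasswordAuthentication no
          KbdInteractiveAuthentication no
        # KbdInteractiveAuthentication is set explicitly because
        # PasswordAuthentication alone does not turn off keyboard-interactive
        # (PAM) password prompts; without it, key-only login depends on what
        # the main sshd_config happens to say.
        # validate runs sshd against the candidate file (%s) before it is
        # moved into place, so a file sshd cannot parse is never installed.
        validate: /usr/sbin/sshd -T -f %s
      notify:
        - Restart sshd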

  handlers:
    # Restart the SSH daemon; as a handler this runs only when a task has
    # notified "Restart sshd".
    # NOTE(review): on Debian-family hosts the unit is usually ssh.service with
    # sshd as an alias - confirm the name `sshd` resolves on the target.
    - name: Restart sshd
      ansible.builtin.service:
        state: restarted
        name: 'sshd'
      become: true