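# Provision an admin user from a 1Password-sourced password, install SSH keys,
# grant sudo and docker access, then disable root SSH login.
#
# Fixes vs. the previous version:
#  - the `pipe` lookup runs through a shell, so op_password_path is shell-quoted
#    before it is interpolated into the `op read` command (no command injection
#    via a crafted inventory/extra var);
#  - password_hash now uses a deterministic per-host salt, so the task is
#    idempotent instead of reporting "changed" on every run;
#  - the password task is no_log, so neither the plaintext nor the hash lands in
#    the play output / callback logs;
#  - the always-"changed" `state: touch` task is folded into the copy task;
#  - sudo rule moves to a validated, 0440 drop-in under /etc/sudoers.d instead
#    of editing /etc/sudoers in place;
#  - the PermitRootLogin edit also matches a commented-out default line and is
#    validated with `sshd -t` so a broken config cannot lock us out.
- name: Erstelle einen neuen User mit Sudo-Rechten
  ansible.builtin.user:
    name: "{{ user_name }}"
    # The pipe lookup is executed via `sh -c`; quote the secret reference so the
    # variable can never break out of the command line.
    # The salt is seeded from the hostname so the resulting hash is stable
    # across runs (idempotent) while still differing per host.
    password: >-
      {{ lookup('pipe', 'op read ' ~ (('op://' ~ op_password_path) | quote))
         | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}
    state: present
    shell: /bin/bash
    groups: wheel
    append: true
  # Keep the secret (and its hash) out of logs and verbose output.
  no_log: true

- name: Erstelle den SSH-Ordner für den neuen User
  ansible.builtin.file:
    path: "/home/{{ user_name }}/.ssh"
    state: directory
    mode: '0700'
    owner: "{{ user_name }}"
    group: "{{ user_name }}"

# Owner/group/mode are set here directly; the previous separate `touch` task
# reported "changed" on every run and added nothing the copy cannot do itself.
- name: Add public keys as authorized_keys
  ansible.builtin.copy:
    src: files/authorized_keys
    dest: "/home/{{ user_name }}/.ssh/authorized_keys"
    mode: '0600'
    owner: "{{ user_name }}"
    group: "{{ user_name }}"

# NOPASSWD for ALL is a deliberate weakening of sudo (any code running as this
# user is root without a second factor). Kept as configured, but installed as a
# drop-in so /etc/sudoers itself is never edited. Relies on the distro default
# `@includedir /etc/sudoers.d`; note sudo ignores drop-in names containing a
# '.' or ending in '~', so user_name must not contain those.
- name: Grant passwordless sudo privileges to the user
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ user_name }}"
    content: "{{ user_name }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: '0440'
    # Reject the file before it is installed if visudo cannot parse it.
    validate: 'visudo -cf %s'

- name: Ensure Docker group exists
  ansible.builtin.group:
    name: docker
    state: present

# Membership in the docker group is root-equivalent on the host (the daemon
# socket can mount / and run privileged containers); treat it like sudo.
- name: Add user to Docker group
  ansible.builtin.user:
    name: "{{ user_name }}"
    groups: docker
    append: true

- name: Enable and start Docker service
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true

# Match the active directive as well as the shipped commented-out default
# ("#PermitRootLogin prohibit-password") so a single effective line results.
# NOTE(review): on distros that ship `Include /etc/ssh/sshd_config.d/*.conf`,
# a drop-in there takes precedence (first match wins) — check that none
# re-enables root login. Password auth for the new user is not touched here.
- name: Entferne den Root-SSH-Zugang
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PermitRootLogin\b'
    line: 'PermitRootLogin no'
    state: present
    # Never write a config sshd cannot load; an invalid file would leave the
    # host unreachable after the restart handler fires.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart sshd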