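# Provision an administrative user, install their SSH public key, grant sudo,
# and disable direct root login over SSH.
# Variables read by these tasks: username, user_password, ssh_public_key.
# NOTE(review): the last task turns off root SSH login. Confirm that the new
# user can log in and use sudo before this becomes the only access path.

- name: Erstelle einen neuen User mit Sudo-Rechten
  user:
    name: "{{ username }}"
    # The password is hashed with SHA-512 crypt. No salt is passed, so the
    # filter picks a random one per run and this task reports "changed" every
    # time; pass a stable salt if idempotence matters.
    password: "{{ user_password | password_hash('sha512') }}"
    state: present
    shell: /bin/bash
    groups: wheel  # grants sudo rights (assumes the wheel group is enabled in sudoers)
    append: true
  # Keep the plaintext password and the resulting hash out of task output/logs.
  no_log: true

- name: Erstelle den SSH-Ordner für den neuen User
  file:
    path: "/home/{{ username }}/.ssh"
    state: directory
    mode: '0700'
    owner: "{{ username }}"
    group: "{{ username }}"

- name: Setze die Berechtigungen für die authorized_keys-Datei
  file:
    path: "/home/{{ username }}/.ssh/authorized_keys"
    state: touch
    mode: '0600'
    owner: "{{ username }}"
    group: "{{ username }}"
    # Without these, "touch" bumps the timestamps and reports "changed" on
    # every run, which hides real modifications of this file in run reports.
    modification_time: preserve
    access_time: preserve

- name: Add public key to enable user ssh
  lineinfile:
    path: "/home/{{ username }}/.ssh/authorized_keys"
    line: '{{ ssh_public_key }}'
    state: present

- name: Grant sudo privileges to the user
  lineinfile:
    path: /etc/sudoers
    # Escape the name so regex metacharacters in it (e.g. ".") cannot make the
    # pattern match, and overwrite, another account's sudoers entry.
    regexp: "^{{ username | regex_escape }} "
    # Unrestricted sudo, still gated by the user's password (no NOPASSWD).
    line: "{{ username }} ALL=(ALL) ALL"
    # The edited copy must pass visudo's syntax check before it replaces the
    # live file; a broken sudoers would lock out all sudo use.
    validate: visudo -cf %s

- name: Entferne den Root-SSH-Zugang
  lineinfile:
    path: /etc/ssh/sshd_config
    # Only an active directive is matched. If none exists, the line is appended
    # at the end of the file. NOTE(review): if the file ends with a Match
    # block, an appended line lands inside that block — verify on the target.
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # Reject a configuration sshd cannot parse, so the notified restart does
    # not take the daemon down on a host that is managed over SSH.
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - restart sshd  # handler is defined outside this task list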