---
### Switch to non-default user as soon as possible if possible
#- name: does primary login user exist?
#  local_action: "command ssh -q -o ConnectTimeout=3 -l {{ create_users[0].name }} {{ inventory_hostname }} /bin/true"
#  register: user_exists
#  ignore_errors: true
#  changed_when: false
#
#- name: switch remote_user if possible
#  remote_user: "{{ user_exists | success | ternary(omit, create_users[0].name) }}"
#  command: "/bin/true"
#  changed_when: false

### Set hostname
- name: set hostname
  hostname: name={{ inventory_hostname }}
  when: inventory_hostname is defined and ansible_nodename is defined

- name: update /etc/hosts with new hostname
  lineinfile:
    dest=/etc/hosts
    regexp="^{{ ansible_default_ipv4.address }}"
    line="{{ ansible_default_ipv4.address }}{{'\t'}}{{ inventory_hostname }}.local{{'\t'}}{{ inventory_hostname }}"
    state=present

- name: get rid of default 127.0.1.1 binding
  lineinfile:
    dest=/etc/hosts
    regexp="^127.0.1.1"
    state=absent

### Configure /etc/hosts
- name: ensure that all local hosts are in /etc/hosts
  lineinfile:
    dest=/etc/hosts
    line="{{ item.ip }}{{'\t'}}{{ item.name }}.local{{'\t'}}{{ item.name }}"
    state=present
  with_items: "{{etc_hosts_contents}}"

### Set timezone
- name: set /etc/timezone to America/Los_Angeles
  copy: src=etc/timezone
        dest=/etc/timezone
        owner=root
        group=root
        mode=0644
        backup=yes
  notify:
      - changed timezone

### Uninstall Raspbian bloat
- name: remove raspbian bloat
  apt:
    name="{{ item }}"
    state=absent
  with_items:
    - wolfram-engine
    - libreoffice*
    - scratch
    - minecraft-pi
    - python-minecraftpi 
    - python3-minecraftpi
    - sonic-pi
    - dillo
    - gpiciew
    - penguinspuzzle

### Install required software
- name: install basic software environment
  apt:
    name="{{ item }}"
    state=present
    update_cache=yes
  with_items:
    - vim
    - git
    - python-pip

### Create user accounts
- name: create users
  user: name="{{ item.name }}"
        comment="{{ item.comment }}"
        group="{{ item.group }}"
        groups="{{ item.groups }}"
        uid="{{ item.uid }}"
        state=present
        shell=/bin/bash
  with_items: "{{ create_users }}"
  tags: [ 'users' ]

- name: install ssh pubkeys for new users
  authorized_key: user="{{ item.name }}"
                  key="{{ item.pubkey }}"
                  state=present
  with_items: "{{ create_users }}"
  tags: [ 'users' ]

### disable the 'pi' user's ability to login in with password
### if you enable this, you may lock yourself out--you must make sure another
### user has been added with both sudo privileges and a password by which
### sudo can be authenticated
#- name: disable 'pi' user
#  user: name="pi"
#        password="*"
#        state=present
#  tags: [ 'users' ]