# Copyright 2019 Nokia

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


- name: Create Sudo user and ssh key pair for it.
  user:
    name: "{{ sudo_user }}"
    password: "{{ sudo_user_password }}"
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
  tags:
    - ssh-key-generate

- name: Add to sudoer list
  copy:
    content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL"
    dest: "/etc/sudoers.d/{{ sudo_user }}"
    mode: 0440

- name: Fetch the generated public ssh key
  fetch:
    src: "/home/{{ sudo_user }}/.ssh/id_rsa.pub"
    dest: "/tmp/id_rsa.pub"
    flat: yes
  when: inventory_hostname == groups['all'][0]
  tags:
    - ssh-key-authorized

- name: Ensure sudo user's new public ssh key is in authorized_keys
  authorized_key:
    user: "{{ sudo_user }}"
    key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
    manage_dir: no
    exclusive: yes
  tags:
    - ssh-key-authorized

- name: Populate authorized keys from config to sudo user
  authorized_key:
    user: "{{ sudo_user }}"
    key: "{{ sudo_user_authorized_keys | join('\n') }}"
    manage_dir: no
  tags:
    - configured-authorized-keys

- name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
  file:
    path: "/etc/userconfig/id_rsa"
    mode: 0644
  when: facter_virtual == "kvm"

- name: Ensure root has a .ssh directory
  file:
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    mode: 0700
  when: facter_virtual == "kvm"

- name: Copy /etc/userconfig/id_rsa /root/.ssh/id_rsa
  copy:
    src: /etc/userconfig/id_rsa
    dest: /root/.ssh/id_rsa
    owner: root
    group: root
    mode: 0400
  when: facter_virtual == "kvm"

- name: Default http config listens on port 80, comment it.
  lineinfile:
    path: "/etc/httpd/conf/httpd.conf"
    line: "Listen 80"
    state: "absent"