- name: set the timezone
  timezone:
    name: America/Los_Angeles

- name: install common packages
  apt:
    name: [mosh, htop, tmux, unattended-upgrades]

- name: remove stupid bullshit that the cloud provider may have installed
  apt:
    name: [ufw]
    state: absent

- name: check which users exist
  ansible.builtin.user:
    name: "{{ item }}"
  loop: ["root", "finn", "debian"]
  check_mode: true
  register: users

- name: Ensure SSH key is set
  ansible.posix.authorized_key:
    user: "{{ item.item }}"
    state: present
    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJs5PJ6jQF7Sx3T1b1+NBXt4JRsnjGnWv8+bCf4RpwGM finn@taint
  loop: "{{ users.results }}"
  loop_control:
    label: "{{ item.item }}"
  when: item.state | d('') == 'present'

- name: Invalidate old SSH key
  ansible.posix.authorized_key:
    user: "{{ item.item }}"
    state: absent
    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMaJrZWSrAYTaCoGhW+o8HivmBj5oZi7Dei73FtCl0d finn@taint
  loop: "{{ users.results }}"
  loop_control:
    label: "{{ item.item }}"
  when: item.state | d('') == 'present'