- name: Update hostname to match Ansible inventory
  hostname:
    name: "{{ inventory_hostname }}"
  tags:
    - role::common

- name: Update /etc/hosts to match Ansible inventory
  template:
    src: etc-hosts.j2
    dest: /etc/hosts
    mode: '0644'
    owner: root
    group: root
  tags:
    - role::common

- name: Disable SSH password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication"
    line: "PasswordAuthentication no"
    state: present
  notify:
    - Restart ssh
  tags:
    - role::common

- name: Set timezone to UTC
  file:
    src: /usr/share/zoneinfo/Etc/UTC
    dest: /etc/localtime
    mode: '0644'
    owner: root
    group: root
  notify:
    - Restart systemd-timesyncd
  tags:
    - role::common

- name: Create sudoers lecture
  template:
    src: sudo_lecture.j2
    dest: /etc/sudo_lecture
    mode: '0644'
    owner: root
    group: root
  tags:
    - role::common

- name: Add sudoers lecture path
  lineinfile:
    dest: /etc/sudoers
    regexp: '^Defaults +?lecture_file ?= ?".+?"$'
    line: 'Defaults    lecture_file = "/etc/sudo_lecture"'
    state: present
    validate: /usr/sbin/visudo -cf %s
  tags:
    - role::common

- name: Configure MOTD
  template:
    src: motd.j2
    dest: /etc/motd
    mode: '0644'
    owner: root
    group: root
  tags:
    - role::common