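---
# Base system tasks: patch the OS, flag a pending reboot, set the timezone,
# and create groups, users and their authorized SSH keys.
#
# Variables read by this file:
#   system_timezone - timezone name; the timezone task is skipped when it is
#                     unset or empty.
#   system_users    - list of mappings with `name` and optional `groups`,
#                     `append`, `create_home`, `shell`, `authorized_keys`.
#                     The user tasks are skipped when it is unset or empty.

- name: Ensure aptitude installed
  ansible.builtin.apt:
    name: "aptitude"
    state: present
    # Refresh the package index so the upgrades below are resolved against
    # current repository metadata rather than a stale cache.
    update_cache: true
    cache_valid_time: 3600
  tags:
    - apt
  become: true

- name: Ensure OS upgraded
  ansible.builtin.apt:
    upgrade: dist
    # Repeated here because a run limited to the `update`/`os` tags skips
    # the task above.
    update_cache: true
    cache_valid_time: 3600
  tags:
    - apt
    - update
    - os
  become: true

# stat never reports "changed" on its own, so without changed_when the
# handler would never be notified and a host could keep running an unpatched
# kernel or libraries after the upgrade. The "Reboot host" handler is
# expected to be defined elsewhere (not visible in this file).
# NOTE(review): this check runs before "All system packages updated"; a
# reboot flag raised by that later task is only picked up on the next run.
- name: Check if reboot is necessary
  ansible.builtin.stat:
    path: /var/run/reboot-required
    get_checksum: false
  register: reboot_required_file
  changed_when: reboot_required_file.stat.exists
  tags:
    - os
    - reboot
  notify: Reboot host

- name: All system packages updated
  ansible.builtin.apt:
    name: "*"
    state: latest # noqa package-latest
  tags:
    - apt
    - update
    - packages
  become: true

# The condition is an explicit boolean test: it tolerates an undefined or
# null variable and does not rely on string truthiness.
- name: Set correct timezone
  community.general.timezone:
    name: "{{ system_timezone }}"
  when: "system_timezone | default('', true) | length > 0"
  tags:
    - timezone
  become: true

# `loop` is templated before `when` is evaluated, so the default([]) guard
# has to live in the loop expression itself; users without a `groups` key
# are skipped instead of failing the map() lookup.
- name: Create necessary groups
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
  loop: >-
    {{ system_users | default([], true)
       | selectattr('groups', 'defined')
       | map(attribute='groups') | flatten | unique }}
  when: "system_users | default([], true) | length > 0"
  tags:
    - groups
  become: true

- name: Set up system users
  ansible.builtin.user:
    name: "{{ item.name }}"
    # Omitted when the entry has no `groups`, matching the group task above.
    groups: "{{ item.groups | default(omit) }}"
    append: "{{ item.append | default(true) }}"
    create_home: "{{ item.create_home | default(false) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
  loop: "{{ system_users | default([], true) }}"
  when: "system_users | default([], true) | length > 0"
  tags:
    - users
    - groups
  become: true

# This task only adds keys (state: present, one key per loop item). A key
# removed from `system_users` stays in the account's authorized_keys file,
# so revoking access needs a separate step (state: absent, or a single
# `exclusive: true` call that passes all of a user's keys at once).
- name: Add authorized SSH keys
  ansible.posix.authorized_key:
    user: "{{ item.0.name }}"
    state: present
    key: "{{ item.1 }}"
  loop: >-
    {{ system_users | default([], true)
       | subelements('authorized_keys', skip_missing=True) }}
  when: "system_users | default([], true) | length > 0"
  tags:
    - ssh
  become: true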