- name: Ensure apt cache is updated
  ansible.builtin.apt:
    update_cache: yes
    cache_valid_time: 3600
  become: true
  no_log: true
  when: ansible_os_family == "Debian"

- name: Install git
  ansible.builtin.apt:
    name: git
    state: present
  become: true
  no_log: true
  when: ansible_os_family == "Debian"

- name: Install Python pip (needed for ansible via pip)
  ansible.builtin.apt:
    name: python3-pip
    state: present
  become: true
  no_log: true
  when: ansible_os_family == "Debian"

- name: Create jarvis user with UID 1000
  ansible.builtin.user:
    name: jarvis
    uid: 1000
    shell: /bin/bash
    create_home: true
    groups: sudo
    append: true
  become: true

- name: Ensure jarvis .ssh directory exists
  ansible.builtin.file:
    path: /home/jarvis/.ssh
    state: directory
    owner: jarvis
    group: jarvis
    mode: "0700"
  become: true

- name: Copy root authorized_keys to jarvis
  ansible.builtin.copy:
    src: /root/.ssh/authorized_keys
    dest: /home/jarvis/.ssh/authorized_keys
    owner: jarvis
    group: jarvis
    mode: "0600"
    remote_src: true
  become: true

- name: Ensure jarvis has passwordless sudo
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/jarvis
    line: "jarvis ALL=(ALL) NOPASSWD:ALL"
    create: true
    mode: "0440"
    validate: "visudo -cf %s"
  become: true

- name: Install ansible via pip as jarvis
  ansible.builtin.pip:
    name: ansible
    state: present
    break_system_packages: true
  become: true
  no_log: true