# This playbook is meant to be a oneshot to be ran manually on the dev box
# The rest of the role stuff is meant to be ran as the admin user that
# this playbook creates for us
---
- hosts: nigel.local
  remote_user: nigel
  vars:
    admin:
      username: nigel
  tasks:
    - name: Copy the nigel admin key
      ansible.builtin.authorized_key:
        user: "{{ admin.username }}"
        state: present
        key: "{{ lookup('file', '~/.ssh/nigel/admin.pub') }}"
    - name: Prevent password based logins
      become: true
      ansible.builtin.lineinfile:
        dest: /etc/ssh/sshd_config
        line: PasswordAuthentication no
        state: present
        backup: true
    - name: Restart SSH Daemon
      become: true
      ansible.builtin.service:
        name: ssh
        state: restarted