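---
# Host bootstrap tasks for a pacman-based system: set the hostname, update and
# install packages, harden sshd, create a login user with an SSH key, and
# unlock and mount a LUKS-encrypted secondary disk.
# Variables read: inventory_hostname, sshd_port, username, ansible_hostname,
# secondary_disk.

- name: Change hostname
  hostname:
    name: "{{ inventory_hostname }}"

- name: Update packages
  community.general.pacman:
    update_cache: true
    upgrade: true

- name: Install utility packages
  community.general.pacman:
    name:
      - neovim
      - neofetch
      - fish
      - htop
      - tmux
      - git
      - cronie
      - progress
      - rsync
      - man-db
    state: present

# The pattern matches the directive whether or not it is commented out.
# Matching only "#PasswordAuthentication yes" appends a second line when the
# directive is already active, and sshd keeps the first value it reads for a
# keyword, so password logins would stay enabled.
# validate makes sshd check the edited copy before it replaces the live file.
# NOTE(review): an Include'd drop-in that sets PasswordAuthentication would
# not be touched by this task; confirm none is present on the target.
- name: Disable SSH password auth
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\s+(yes|no)\b'
    line: "PasswordAuthentication no"
    validate: "/usr/bin/sshd -t -f %s"
  register: sshd_password_auth

# Port is additive in sshd_config: appending "Port N" next to an active
# "Port 22" leaves both ports open, so an existing active line is replaced.
# The registered name sshd_config is kept in case other tasks read it.
- name: Change SSH port
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?\s*Port\s+\d+'
    line: "Port {{ sshd_port }}"
    validate: "/usr/bin/sshd -t -f %s"
  register: sshd_config

# Each edit has its own registered result. With one shared variable the port
# task overwrote the password-auth result, so a change to PasswordAuthentication
# alone never restarted sshd and the old setting stayed in force.
- name: Restart SSHD
  service:
    name: sshd
    state: restarted
  when: sshd_password_auth.changed or sshd_config.changed

# Writes "*" into root's password hash field so that no password can match.
# This blocks password logins for root only; root login over SSH with a key
# is governed by PermitRootLogin, which these tasks do not set.
- name: Disable root login
  user:
    name: root
    password: "*"

- name: Create unpriviledged user
  user:
    name: "{{ username }}"

# The path is built with "~" concatenation: "{{ }}" nested inside an
# expression is a plain string there and is not reliably templated.
# NOTE(review): ansible_hostname is a gathered fact and facts are not
# refreshed after "Change hostname", so the key file name follows the
# hostname seen at fact-gathering time; confirm inventory_hostname is not
# what was meant.
- name: Deploy SSH key to unpriviledged user
  ansible.posix.authorized_key:
    user: "{{ username }}"
    state: present
    key: "{{ lookup('file', '~/.ssh/keys/' ~ ansible_hostname ~ '.pub') }}"

# LUKS key for the secondary disk. The mode is quoted so it is read as an
# octal string, owner and group are pinned to root, and no_log keeps the key
# material out of task output and --diff.
# NOTE(review): if k5e is committed next to these tasks, consider encrypting
# it with ansible-vault; copy decrypts vaulted source files by default.
- name: Deploy keyfile
  copy:
    src: k5e
    dest: /k5e
    owner: root
    group: root
    mode: "0600"
  no_log: true

# Registers the mapping "disk" with /k5e as its key file. The secondary disk
# is therefore only as well protected as the filesystem that holds /k5e.
- name: Setup crypttab
  community.general.crypttab:
    backing_device: "{{ secondary_disk }}"
    name: disk
    state: present
    password: /k5e

# Opens the container now, which creates /dev/mapper/disk for the mount below.
- name: Decrypt secondary disk
  luks_device:
    device: "{{ secondary_disk }}"
    keyfile: /k5e
    name: disk
    state: opened

# state: mounted both writes the fstab entry and mounts the filesystem.
- name: Setup fstab
  mount:
    path: /mnt/disk
    src: /dev/mapper/disk
    state: mounted
    fstype: ext4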