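---
# Common baseline tasks: hostname, networking (systemd-networkd + iwd),
# the primary user account, the root password and the sshd login policy.
#
# Variables read here (none are defined in this file):
#   common_hostname, common_user_name, common_user_password,
#   common_user_shell (falls back to /bin/bash),
#   common_sshd_permit_root_login, common_sshd_password_authentication,
#   common_sshd_permit_empty_passwords
# Handlers notified: "Restart systemd-networkd", "Restart sshd".
#
# NOTE(review): only the sshd tasks set `become: true`; the other tasks also
# need root, so privilege escalation is presumably enabled at play level.
# Confirm against the calling playbook.

# Add common tasks here
- name: Set hostname to '{{ common_hostname }}'
  ansible.builtin.hostname:
    name: "{{ common_hostname }}"
  tags: ['common', 'hostname']

- name: Ensure systemd-networkd is enabled and running
  ansible.builtin.service:
    name: systemd-networkd
    enabled: true
    state: started
  tags: ['common', 'network']

- name: Ensure iwd is enabled and running
  ansible.builtin.service:
    name: iwd
    enabled: true
    state: started
  tags: ['common', 'network', 'wifi']

- name: Deploy ethernet network configuration
  ansible.builtin.copy:
    src: files/20-ethernet.network
    dest: /etc/systemd/network/20-ethernet.network
    owner: root
    group: root
    mode: '0644'
  notify: Restart systemd-networkd
  tags: ['common', 'network', 'ethernet']

# Informational only: nothing is written to /var/lib/iwd/ by this task.
# The .psk files it refers to hold the network pre-shared key, so if they are
# ever deployed from this role they should be handled as secrets (vaulted
# source, root-only permissions).
- name: Configure WiFi (requires manual interaction or pre-seeded iwd config)
  ansible.builtin.debug:
    msg: "WiFi configuration via Ansible for iwd is complex. Ensure /var/lib/iwd/ contains correct .psk files."
  tags: ['common', 'network', 'wifi']

# ansible.builtin.user stores `password` as given, so the variable must
# already hold a crypt(3) hash (for example one produced with the
# password_hash filter), not the clear-text password.
# NOTE(review): presumably it does, and presumably it comes from Ansible
# Vault rather than plain vars; verify where common_user_password is defined.
- name: Ensure user '{{ common_user_name }}' exists with specified password
  ansible.builtin.user:
    name: "{{ common_user_name }}"
    password: "{{ common_user_password }}"
    shell: "{{ common_user_shell | default('/bin/bash') }}"
    state: present
    create_home: true
  tags: ['common', 'users']

# NOTE(review): root receives the same hash as the regular user, so a single
# disclosed or guessed password also yields root. If the sshd variables below
# resolve to PermitRootLogin yes and PasswordAuthentication yes, root is then
# reachable by password over SSH. A distinct or locked root password together
# with key-based login (PermitRootLogin prohibit-password) removes that path.
- name: Ensure root password matches user '{{ common_user_name }}'
  ansible.builtin.user:
    name: root
    password: "{{ common_user_password }}"
  tags: ['common', 'users']

# The three sshd tasks below share one pattern and the same caveats:
# - The regexp matches only an uncommented directive at column 0. When none
#   exists the line is appended at end of file; sshd uses the first value it
#   reads for a keyword, and an appended line can end up inside a trailing
#   Match block, so check the resulting file on the target.
# - The variables must be strings ('yes', 'no', 'prohibit-password'). An
#   unquoted YAML yes/no is a boolean and renders as True/False, which is
#   not a documented sshd_config value. Verify the defaults file.
# - `create: true` without owner/group/mode leaves a newly created file's
#   permissions to the umask. A missing sshd_config more likely means
#   OpenSSH is not installed.
# - No `validate:` is used, so a bad value is only detected when the handler
#   restarts sshd.
- name: Configure sshd_config to allow root login with password
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin {{ common_sshd_permit_root_login }}"
    state: present
    create: true
  notify: Restart sshd
  tags: ['common', 'sshd']

- name: Ensure PasswordAuthentication is set to {{ common_sshd_password_authentication }} in sshd_config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication"
    line: "PasswordAuthentication {{ common_sshd_password_authentication }}"
    state: present
    create: true
  notify: Restart sshd
  tags: ['common', 'sshd']

# PermitEmptyPasswords should resolve to 'no' on any host reachable over the
# network; the value is taken from the variable unchecked.
- name: Ensure PermitEmptyPasswords is set to {{ common_sshd_permit_empty_passwords }} in sshd_config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PermitEmptyPasswords"
    line: "PermitEmptyPasswords {{ common_sshd_permit_empty_passwords }}"
    state: present
    create: true
  notify: Restart sshd
  tags: ['common', 'sshd']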