---
# Add common tasks here

- name: Set hostname to '{{ common_hostname }}'
  ansible.builtin.hostname:
    name: "{{ common_hostname }}"
  tags: [ 'common', 'hostname' ]

- name: Configure WiFi connection '{{ common_wifi_connection_name }}'
  become: true
  ansible.builtin.command:
    cmd: >
      nmcli dev wifi connect "{{ common_wifi_ssid }}"
      password "{{ common_wifi_password }}"
      name "{{ common_wifi_connection_name }}"
  args:
    creates: "/etc/NetworkManager/system-connections/{{ common_wifi_connection_name }}.nmconnection"
  ignore_errors: true
  tags: [ 'common', 'network', 'wifi' ]

- name: Configure ethernet connection '{{ common_ethernet_con_name }}' with static IP, gateway, and DNS
  become: true
  ansible.builtin.command:
    cmd: >
      nmcli con add type ethernet ifname {{ common_ethernet_ifname }} con-name "{{ common_ethernet_con_name }}" ipv4.method manual ipv4.addresses {{ common_ethernet_ipv4_address }} ipv4.gateway {{ common_ethernet_ipv4_gateway }} ipv4.dns "{{ common_ethernet_ipv4_dns }}"
  args:
    creates: "/etc/NetworkManager/system-connections/{{ common_ethernet_con_name }}.nmconnection"
  ignore_errors: true
  tags: [ 'common', 'network', 'ethernet' ]
- name: Ensure user '{{ common_user_name }}' exists with specified password
  ansible.builtin.user:
    name: "{{ common_user_name }}"
    password: "{{ common_user_password }}"
    shell: "{{ common_user_shell | default('/bin/bash') }}"
    state: present
    create_home: yes
  tags: [ 'common', 'users' ]
- name: Ensure root password matches user '{{ common_user_name }}'
  ansible.builtin.user:
    name: root
    password: "{{ common_user_password }}"
  tags: [ 'common', 'users' ]
- name: Configure sshd_config to allow root login with password
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin {{ common_sshd_permit_root_login }}"
    state: present
    create: yes
  notify: Restart sshd
  tags: [ 'common', 'sshd' ]
- name: Ensure PasswordAuthentication is set to {{ common_sshd_password_authentication }} in sshd_config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PasswordAuthentication"
    line: "PasswordAuthentication {{ common_sshd_password_authentication }}"
    state: present
    create: yes
  notify: Restart sshd
  tags: [ 'common', 'sshd' ]
- name: Ensure PermitEmptyPasswords is set to {{ common_sshd_permit_empty_passwords }} in sshd_config
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^PermitEmptyPasswords"
    line: "PermitEmptyPasswords {{ common_sshd_permit_empty_passwords }}"
    state: present
    create: yes
  notify: Restart sshd
  tags: [ 'common', 'sshd' ]