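# Bootstrap a dedicated automation account: install sudo, grant the account
# passwordless sudo, create the account, and install the SSH public keys from
# ansible_user_authorized_keys for both root and the account.
#
# Variables read: ansible_user_name, ansible_user_shell, ansible_user_groups,
# ansible_user_authorized_keys (looped over, one public key per item).

- name: Ensure sudo package is installed
  ansible.builtin.package:
    name: sudo
    state: present

# The drop-in below only takes effect if the main sudoers file includes this
# directory; nothing in these tasks checks or configures that include.
- name: Ensure /etc/sudoers.d exists
  ansible.builtin.file:
    path: /etc/sudoers.d
    state: directory
    owner: root
    group: root
    mode: '0755'

# NOPASSWD:ALL makes the account root-equivalent: possession of one of its
# SSH private keys is the only barrier to root on every host this runs on.
# Narrow the command list if the automation does not need unrestricted root.
#
# sudo skips drop-in files whose name contains '.' or ends in '~', so an
# account name with a dot would leave this grant silently unapplied.
- name: Configure passwordless sudo
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/{{ ansible_user_name }}"
    content: "{{ ansible_user_name }} ALL=(ALL) NOPASSWD:ALL\n"
    owner: root
    group: root
    mode: '0440'
    # Syntax-check the rendered file before it replaces the destination: a
    # malformed sudoers drop-in can make sudo refuse to run for every user.
    # Assumes visudo is on the become user's PATH (it ships with sudo).
    validate: 'visudo -cf %s'

- name: Ensure ansible user exists
  ansible.builtin.user:
    name: "{{ ansible_user_name }}"
    shell: "{{ ansible_user_shell }}"
    groups: "{{ ansible_user_groups }}"
    # append keeps any supplementary groups the account already has.
    append: true
    create_home: true

- name: Ensure root .ssh directory exists
  ansible.builtin.file:
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    mode: '0700'

# The same key list is installed for root and for the automation account.
# With passwordless sudo already granted above, direct root key login is a
# second path to root for the same keys.
# NOTE(review): confirm root key login is still needed, and that sshd's
# PermitRootLogin setting (not managed here) matches that decision.
#
# No state or exclusive option is set on either authorized_key task, so keys
# are only added: a key dropped from ansible_user_authorized_keys stays in
# authorized_keys until it is removed by other means.
#
# NOTE(review): authorized_key is shipped in the ansible.posix collection on
# current Ansible; confirm this ansible.builtin name resolves on the
# controller version in use.
- name: Add SSH keys to root authorized_keys
  ansible.builtin.authorized_key:
    user: root
    key: "{{ item }}"
  loop: "{{ ansible_user_authorized_keys }}"

- name: Add SSH keys to ansible user authorized_keys
  ansible.builtin.authorized_key:
    user: "{{ ansible_user_name }}"
    key: "{{ item }}"
  loop: "{{ ansible_user_authorized_keys }}"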