- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: visudo -cf %s

- name: Add sudoers users to wheel group
  user:
    name: clarkzjw
    groups: wheel
    append: yes

- name: Set authorized keys taken from url
  authorized_key:
    user: clarkzjw
    state: present
    key: https://github.com/clarkzjw.keys

- name: Add Tailscale GPG apt Key
  apt_key:
    url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
    keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
    state: present

- name: Add Tailscale Repository
  get_url:
    url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
    dest: /etc/apt/sources.list.d/tailscale.list

- name: Install Tailscale
  apt:
    name:
      - tailscale
    update_cache: true

- name: Disable Root Login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin yes'
    line: "PermitRootLogin no"
    state: present
    backup: yes

- name: Restart SSHD
  systemd:
    name: ssh
    enabled: true
    state: restarted
    daemon_reload: true