---
  - name: System initialization
    hosts: localhost
    become: true
    tasks:
      - name: Make sure we have a 'wheel' group
        group:
          name: wheel
          state: present

      - name: Allow 'wheel' group to have passwordless sudo
        lineinfile:
          dest: /etc/sudoers
          state: present
          regexp: '^%wheel'
          line: '%wheel ALL=(ALL) NOPASSWD: ALL'
          validate: visudo -cf %s

      - name: Add sudoers users to wheel group
        user:
          name: clarkzjw
          groups: wheel
          append: yes
          shell: /bin/bash

      - name: Set authorized keys taken from url
        authorized_key:
          user: clarkzjw
          state: present
          key: https://github.com/clarkzjw.keys

      - name: Disable Root Login
        lineinfile:
          dest: /etc/ssh/sshd_config
          regexp: '^PermitRootLogin'
          line: "PermitRootLogin no"
          state: present
          backup: yes

      - name: Disable Password Login
        lineinfile:
          dest: /etc/ssh/sshd_config
          regexp: '^PasswordAuthentication'
          line: "PasswordAuthentication no"
          state: present
          backup: yes

      - name: Restart SSHD
        systemd:
          name: ssh
          enabled: true
          state: restarted
          daemon_reload: true