---
- name: Set up authorized_keys for the root user
  authorized_key:
    user: 'root'
    key: "{% for key in query('fileglob', 'public_keys/*.pub') %}{{ lookup('file', key) ~ '\n'}}{% endfor %}\n{% for key in lookup('vars', 'extra_root_ssh_authorized_keys', default=[]) %}{{ key ~ '\n' }}{% endfor %}"
    exclusive: true

- name: Remove ubuntu user
  user:
    name: ubuntu
    state: absent
    remove: yes

- name: Remove debian user
  user:
    name: debian
    state: absent
    remove: yes

- name: Create jenkins user
  when: jenkins_user | bool
  user:
    name: 'jenkins'

- name: Set up authorized_keys for the jenkins user
  when: jenkins_user | bool
  authorized_key:
    user: 'jenkins'
    # yamllint disable-line rule:line-length
    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA3fwpioVLDoCQsQkYK5bOwPb8N0EXeYm2MleBQTfqxtKaqWWbmUtFXAiyclKHRspjcAiIKwwqLyhPopHBqJzmXnB0GsfGmxXJ6wSBgKJ4kdBVRM+nKlK0wCl1oQkFeV/Xl3jzt1Ey96XiNWlesfkvgcMCpsJzQ7/xRb9IcghskzlQbLOwDNir/156JgAYUYvOLqNCcE+xcgPxJGanfZDXTLkfBYxaeaB8isBPeEU6fhPvu/W055M1uB7E0qhcbFtuKCBu1Fg4jzsW4yDU8+ZB1b5mAXwEAuMbVGMrOf4rjtTpGpQd6XFsXpFT28NU1u5j2cUbtANJalkNDX/UY6XJ jenkins@ci-master-02'
- name: Remove jenkins sudoers file
  file:
    path: "/etc/sudoers.d/jenkins"
    state: absent