---
- name: Include OS specific vars
  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_lsb.id | default('') | lower }}.yml"
        - "{{ ansible_os_family | lower }}.yml"
      paths:
        - "vars"
      errors: "ignore"
- name: Ensure secure defaults
  ansible.builtin.include_tasks: security.yml
- name: Configure bash
  ansible.builtin.include_tasks: bash.yml
- name: Configure users
  ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "users_{{ ansible_lsb.id | default('') | lower }}.yml"
        - "users_{{ ansible_os_family | lower }}.yml"
        - "users_default.yml"
      paths:
        - "tasks"

- name: Set authorized_key for ssh users
  ansible.posix.authorized_key:
    user: "{{ item.name }}"
    key: "{{ item.sshkeys }}"
    exclusive: True
    state: present
  loop: "{{ users_default_users }}"
  loop_control:
    label: "{{ item.name }}"
  when: item.sshkeys is defined