- name: Install useful software
  ansible.builtin.apt:
    name: "{{ packages }}"
    state: present
    update_cache: true

- name: Install GPG
  ansible.builtin.apt:
    name: gpg
    state: present

- name: Manage root authorized_keys
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: /root/.ssh/authorized_keys
    mode: 0400
  when: authorized_keys is defined

- name: Create system users
  ansible.builtin.user:
    name: "{{ item.name }}"
    state: present
    shell: "{{ item.shell | default('/bin/bash') }}"
    create_home: "{{ item.home | default(false) }}"
  loop: "{{ users }}"
  when: users is defined

- name: Set authorized_keys for system users
  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    key: "{{ item.value.key }}"
    state: present
  loop: "{{ users }}"
  when: users is defined and item.value.key is defined

- name: Manage filesystem mounts
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "UUID={{ item.uuid }}"
    fstype: "{{ item.fstype }}"
    state: mounted
  loop: "{{ mounts }}"
  when: mounts is defined