---
- name: Ensure that unprivileged user is present
  ansible.builtin.user:
    name: "{{ interactive_user }}"
    shell: /bin/bash
    home: "{{ interactive_home }}"
    password: "{{ interactive_password }}"
    groups: sudo
    create_home: true
    skeleton: /etc/skel
    append: true

- name: Check the primary key for the unprivileged user
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
    state: present
    exclusive: false
  register: setkey

- name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
  when: setkey.changed
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
    state: present
    exclusive: true

- name: Set the secondary key for the unprivileged user
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
    state: present
    exclusive: false

- name: Install required package to become unprivileged users
  ansible.builtin.apt:
    name: acl
    state: present