- name: Ensure latest apt cache
  ansible.builtin.apt:
    update_cache: yes
    cache_valid_time: 3600 # 1 hour

- name: Upgrade all packages
  ansible.builtin.apt:
    upgrade: dist

- name: Install common packages
  ansible.builtin.apt:
    name:
      - curl
      - wget
      - htop
      - git
      - rsync
      - jq
      - nfs-common # If you plan to mount NFS shares
    state: present

- name: Create new admin user
  ansible.builtin.user:
    name: "{{ proxmox_admin_user_name }}"
    groups: "{{ proxmox_admin_user_groups }}"
    shell: "{{ proxmox_admin_user_shell }}"
    state: present
    create_home: yes
    append: yes # Ensures other groups don't get removed
  when: proxmox_admin_user_name is defined and proxmox_admin_user_name | length > 0

- name: Add SSH keys for new admin user
  ansible.posix.authorized_key:
    user: "{{ proxmox_admin_user_name }}"
    state: present
    key: "{{ item }}"
  loop: "{{ proxmox_admin_user_ssh_keys }}"
  when:
    - proxmox_admin_user_name is defined
    - proxmox_admin_user_name | length > 0
    - proxmox_admin_user_ssh_keys is defined
    - proxmox_admin_user_ssh_keys | length > 0
# - name: Disable root SSH login (optional, but recommended)
#   ansible.builtin.lineinfile:
#     path: /etc/ssh/sshd_config
#     regexp: '^PermitRootLogin'
#     line: 'PermitRootLogin no'
#     state: present
#   notify: Restart sshd
#   when: new_admin_user is defined and new_admin_user | length > 0