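---
# Bootstrap tasks: align the root and deploy-user passwords with the per-host
# value in `passwords[inventory_hostname]`, then grant the deploy user sudo
# through a drop-in under /etc/sudoers.d.

# Probe whether the expected password already works by running `id` through
# `su` as each account. A failure here is an expected outcome, hence
# ignore_errors. Because the task loops, the per-account outcome is stored in
# root_password_test.results[*] and there is no top-level `rc`.
- name: Test root password
  become: true
  vars:
    ansible_become_user: "{{ item }}"
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  command: id
  loop:
    - root
    - "{{ ansible_user_id }}"
  register: root_password_test
  ignore_errors: true

# Set the password only for accounts whose probe did not succeed.
# - The condition inspects the matching loop result. Testing
#   root_password_test.rc directly is always "not defined" for a looped
#   register, which made this task run on every play.
# - If no successful probe result is found (including when `results` is
#   missing), the task still runs, matching the previous fallback.
# - The "user:password" pair is fed to chpasswd on stdin rather than being
#   interpolated into a shell string, so the password does not appear in the
#   process argument list and quote characters in it cannot break out into
#   the shell. chpasswd takes its input from stdin, so the trailing username
#   argument of the earlier command line is dropped.
# - no_log keeps the stdin value out of task output and callback logs.
# - The login shell (`bash -l`) is kept from the earlier form.
#   NOTE(review): presumably needed so chpasswd is on PATH; confirm.
- name: Define passwords
  become: true
  vars:
    ansible_become_user: "root"
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  when: >-
    root_password_test.results | default([])
    | selectattr('item', 'equalto', item)
    | selectattr('rc', 'defined')
    | selectattr('rc', 'equalto', 0)
    | list | length == 0
  command:
    cmd: /bin/bash -l -c chpasswd
    stdin: "{{ item }}:{{ passwords[inventory_hostname] }}"
  loop:
    - root
    - "{{ ansible_user_id }}"
  no_log: true
  ignore_errors: true

# Drop-in granting the deploy user passwordless sudo for every command.
# NOTE(review): NOPASSWD: ALL makes this account root-equivalent; narrow the
# command list if the deployment does not need full root.
# `validate` runs visudo on the staged file so a syntax error can never be
# installed (a broken sudoers file disables sudo for everyone); the mode is
# the conventional read-only sudoers permission.
- name: Ensure deploy user has sudo permissions.
  become: true
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  copy:
    dest: /etc/sudoers.d/basics
    content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

# Make sure /etc/sudoers pulls in the drop-in directory. The regexp matches
# either spelling of the directive, so an existing line is rewritten in place
# instead of duplicated. Every host except armv6l gets `@includedir`.
- name: Ensure we include /etc/sudoers.d (Current)
  become: true
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  when: ansible_architecture != "armv6l"
  lineinfile:
    path: /etc/sudoers
    regexp: "includedir /etc/sudoers.d"
    line: "@includedir /etc/sudoers.d"
    validate: /usr/sbin/visudo -cf %s

# armv6l hosts get the `#includedir` spelling instead.
# NOTE(review): presumably their sudo predates `@includedir`; confirm.
- name: Ensure we include /etc/sudoers.d (Legacy)
  become: true
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  when: ansible_architecture == "armv6l"
  lineinfile:
    path: /etc/sudoers
    regexp: "includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    validate: /usr/sbin/visudo -cf %s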