---
- name: Verify
  hosts: all
  become: true
  gather_facts: true
  tasks:
    - name: Verify timezone is set correctly
      ansible.builtin.command: timedatectl show --property=Timezone --value
      register: timezone_result
      changed_when: false
      failed_when: "'Europe/Rome' not in timezone_result.stdout"

    - name: Verify SSH config exists
      ansible.builtin.stat:
        path: /etc/ssh/sshd_config
      register: sshd_config
      failed_when: not sshd_config.stat.exists

    - name: Verify SSH config contains expected settings
      ansible.builtin.command: grep -E "^PermitRootLogin\s+without-password" /etc/ssh/sshd_config
      register: sshd_root_login
      changed_when: false
      failed_when: sshd_root_login.rc != 0

    - name: Verify MOTD file exists on Debian
      ansible.builtin.stat:
        path: /etc/static-motd
      register: motd_file
      when: ansible_os_family == 'Debian'
      failed_when: not motd_file.stat.exists

    - name: Verify MOTD file exists on EL
      ansible.builtin.stat:
        path: /etc/motd
      register: motd_file_el
      when: ansible_os_family == 'RedHat'
      failed_when: not motd_file_el.stat.exists

    - name: Verify common packages are installed on Debian
      ansible.builtin.command: dpkg -l htop
      register: htop_deb
      changed_when: false
      failed_when: htop_deb.rc != 0
      when: ansible_os_family == 'Debian'

    - name: Verify common packages are installed on EL
      ansible.builtin.command: rpm -q htop
      register: htop_el
      changed_when: false
      failed_when: htop_el.rc != 0
      when: ansible_os_family == 'RedHat'

    - name: Verify PKI directory exists
      ansible.builtin.stat:
        path: /etc/pki
      register: pki_dir
      failed_when: not pki_dir.stat.exists

    - name: Print verification summary
      ansible.builtin.debug:
        msg: All verification tests passed successfully!