From 2477896834d6914e53ea3f6f9c9b6bdd5d194d9a Mon Sep 17 00:00:00 2001
From: Stefan Haun
Date: Tue, 24 Nov 2020 19:21:43 +0100
Subject: [PATCH] Add tasks for user management
---
tasks/users.yml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 tasks/users.yml
diff --git a/tasks/users.yml b/tasks/users.yml
new file mode 100644
index 0000000..becf453
--- /dev/null
+++ b/tasks/users.yml
@@ -0,0 +1,48 @@
+---
+- name: Add users | create users, shell, home dirs
+ user:
+ name: "{{ item }}"
+ shell: /bin/bash
+ createhome: yes
+ comment: 'created with ansible'
+ password_lock: true
+ append: true
+ with_items:
+ - "{{ admin_users }}"
+
+- name: Create .ssh user directories
+ file:
+ path: "{{ '/home/' + item + '/.ssh' }}"
+ state: directory
+ mode: "0700"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ with_items:
+ - "{{ admin_users }}"
+
+- name: Set authorized keys for users
+ copy:
+ src: "{{'users/' + item + '_authorized_keys'}}"
+ remote_src: no
+ dest: "{{ '/home/' + item + '/.ssh/authorized_keys' }}"
+ mode: "0600"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ with_items:
+ - "{{ admin_users }}"
+
+- name: Place users in sudo group
+ user:
+ name: "{{ item }}"
+ groups: sudo
+ append: yes
+ with_items:
+ - "{{ admin_users }}"
+
+- name: Configure group sudo for sudoers without password
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo\s'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: /usr/sbin/visudo -cf %s
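Review bot: The last task rewrites the `%sudo` entry in `/etc/sudoers` to `%sudo ALL=(ALL) NOPASSWD: ALL`, which gives passwordless root to every member of the `sudo` group on the host, not only to the accounts listed in `admin_users`. Because the first task sets `password_lock: true`, the `authorized_keys` file installed by the third task is then the only credential between a login and root. Consider scoping the rule to a dedicated group that only this role populates and writing it to a drop-in under `/etc/sudoers.d/` (with `create: true`, `mode: "0440"` and the same `validate`) instead of editing the distribution's main file. Nothing in the file removes an account, its keys or its `sudo` membership when a name is dropped from `admin_users`, so revocation has to happen elsewhere; a comment at the top of `tasks/users.yml` saying so would help the next maintainer.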