Ansible 2.7-compatible playbook that creates a new user with sudo rights and key-based (passwordless) SSH login on a remote server. It also disables root login and password authentication over SSH.
######### ansible.cfg FILE ############
[defaults]
# Default inventory: the "dev" file next to this config (hosts plus connection vars).
inventory = ./dev
######### DEV FILE ############
# Dev file
[servers]
server01
[servers:vars]
# The first run bootstraps the box as root. The role's tasks file later sets
# "PermitRootLogin no", so after a successful run this must be switched to the
# deploy user (the play already uses become) or later runs cannot connect.
ansible_user=root
# Use the managed host's python3 rather than whatever "python" resolves to.
ansible_python_interpreter=/usr/bin/python3
######### main yml file ############
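---
# Entry-point play: applies the user_setup role to every inventory host.
# Privilege escalation is on for the whole play; the inventory supplies the
# connection user (root for the initial bootstrap run).
- name: Provision deploy user and harden SSH
  hosts: all
  become: true
  gather_facts: true
  roles:
    - user_setup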
######### VARS FILE in user_setup role ############
---
# vars file for system-setup
# Placeholder: replace with the login name to create. The value feeds the
# user and authorized_key tasks of this role.
deploy_user: 'Enter the user here'
######### TASKS FILE in user_setup role ############
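---
# tasks file for system-setup
#
# Order matters: the deploy user and their authorized key are in place before
# password authentication and root login are switched off, so a successful run
# always leaves one working way in.

- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

# NOPASSWD sudo for every member of wheel. visudo checks the candidate file
# before it replaces /etc/sudoers, so a bad edit cannot break sudo.
- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

- name: Create a new user {{ deploy_user }} with sudo rights
  user:
    name: "{{ deploy_user }}"
    state: present
    create_home: true
    comment: "Charta User"
    groups: wheel
    shell: /bin/bash
    # Left commented out: no password is set for the account; access relies on
    # the authorized key installed below. Enable only together with a
    # deploy_pass variable.
    # password: "{{ deploy_pass | password_hash('sha512') }}"
    # Key pair generated on the remote host for the new user. This is not the
    # key that grants access (that one comes from the controller, next task).
    # NOTE(review): 2048-bit RSA is the historical default here; a larger key
    # or ssh_key_type ed25519 would be the current recommendation — confirm
    # nothing downstream depends on this exact key type.
    generate_ssh_key: true
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa

- name: Deploy SSH Key for {{ deploy_user }}
  authorized_key:
    user: "{{ deploy_user }}"
    # Public key is read from the controller running the play.
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

# Both sshd_config edits below syntax-check the candidate file before it is
# written (the same safeguard the sudoers task gets from visudo); without it a
# broken sshd_config would only surface when the restart handler fires, with
# every session already switched to key-only access.
# NOTE(review): when regexp finds no line, lineinfile appends at end of file;
# if sshd_config ends in a "Match" block the directive would land inside it —
# confirm against the target's config or add an insertbefore.
- name: Disable Password Authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: "PasswordAuthentication no"
    state: present
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart ssh

- name: Disable Root Login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: "PermitRootLogin no"
    state: present
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart ssh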
######### HANDLERS FILE in user_setup role ############
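---
# handlers file for system-setup
# Notified by the two sshd_config edits in the tasks file; handlers run once at
# the end of the play, so a single restart covers both changes.
# NOTE(review): on Debian/Ubuntu the service unit is usually "ssh", not "sshd"
# — confirm against the target distribution.
- name: restart ssh
  service:
    name: sshd
    state: restarted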