rolle ansible_user angelegt

roles/ansible_user/defaults/main.yml

@@ -0,0 +1,5 @@
+ansible_user_name: ansible
+ansible_user_groups: ["sudo"]
+ansible_user_shell: /bin/bash
+ansible_user_authorized_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFLrrjO6JzmLU5R7c3jZoUkAlqMwSfOXVN3NKBShTFL ansible"

roles/ansible_user/tasks/main.yml

@@ -0,0 +1,35 @@
+- name: Ensure ansible user exists
+  ansible.builtin.user:
+    name: "{{ ansible_user_name }}"
+    shell: "{{ ansible_user_shell }}"
+    groups: "{{ ansible_user_groups }}"
+    append: true
+    create_home: true
+
+- name: Configure passwordless sudo
+  ansible.builtin.copy:
+    dest: "/etc/sudoers.d/{{ ansible_user_name }}"
+    content: "{{ ansible_user_name }} ALL=(ALL) NOPASSWD:ALL\n"
+    owner: root
+    group: root
+    mode: '0440'
+
+- name: Ensure root .ssh directory exists
+  ansible.builtin.file:
+    path: /root/.ssh
+    state: directory
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Add SSH keys to root authorized_keys
+  ansible.builtin.authorized_key:
+    user: root
+    key: "{{ item }}"
+  loop: "{{ ansible_user_authorized_keys }}"
+
+- name: Add SSH keys to ansible user authorized_keys
+  ansible.builtin.authorized_key:
+    user: "{{ ansible_user_name }}"
+    key: "{{ item }}"
+  loop: "{{ ansible_user_authorized_keys }}"