commit b711c459087af9ad2808cae1068cdf9ab2924c4c
Author: Stefan Mewes
Date:   Fri Nov 21 12:53:27 2025 +0100

    rolle ansible_user angelegt

diff --git a/roles/ansible_user/defaults/main.yml b/roles/ansible_user/defaults/main.yml
new file mode 100644
index 0000000..233a665
--- /dev/null
+++ b/roles/ansible_user/defaults/main.yml
@@ -0,0 +1,5 @@
+ansible_user_name: ansible
+ansible_user_groups: ["sudo"]
+ansible_user_shell: /bin/bash
+ansible_user_authorized_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFLrrjO6JzmLU5R7c3jZoUkAlqMwSfOXVN3NKBShTFL ansible"
\ No newline at end of file
diff --git a/roles/ansible_user/tasks/main.yml b/roles/ansible_user/tasks/main.yml
new file mode 100644
index 0000000..65404ec
--- /dev/null
+++ b/roles/ansible_user/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Ensure ansible user exists
+  ansible.builtin.user:
+    name: "{{ ansible_user_name }}"
+    shell: "{{ ansible_user_shell }}"
+    groups: "{{ ansible_user_groups }}"
+    append: true
+    create_home: true
+
+- name: Configure passwordless sudo
+  ansible.builtin.copy:
+    dest: "/etc/sudoers.d/{{ ansible_user_name }}"
+    content: "{{ ansible_user_name }} ALL=(ALL) NOPASSWD:ALL\n"
+    owner: root
+    group: root
+    mode: '0440'
+
+- name: Ensure root .ssh directory exists
+  ansible.builtin.file:
+    path: /root/.ssh
+    state: directory
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Add SSH keys to root authorized_keys
+  ansible.builtin.authorized_key:
+    user: root
+    key: "{{ item }}"
+  loop: "{{ ansible_user_authorized_keys }}"
+
+- name: Add SSH keys to ansible user authorized_keys
+  ansible.builtin.authorized_key:
+    user: "{{ ansible_user_name }}"
+    key: "{{ item }}"
+  loop: "{{ ansible_user_authorized_keys }}"
\ No newline at end of file
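Review bot: The role default `ansible_user_authorized_keys` ships a concrete public key, so any play that applies this role without overriding the variable installs that key for whoever holds the matching private key — and the tasks file in this same commit installs it for root as well as for the ansible user. Role defaults are the lowest-precedence variable source and are meant for safe placeholders; the key belongs in inventory or group_vars (vaulted if the repository is shared), with the default reduced to `ansible_user_authorized_keys: []` so that a forgotten override yields no access rather than unexpected access. The file also lacks the `---` document start that Ansible YAML conventionally begins with, and its last line has no trailing newline.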
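Review bot: The `Configure passwordless sudo` task writes `/etc/sudoers.d/{{ ansible_user_name }}` with `ansible.builtin.copy` but no `validate`, so a malformed drop-in (for example a user name containing characters sudo rejects) is installed as-is and can break sudo for every account on the host; add `validate: '/usr/sbin/visudo -cf %s'` to that copy task so sudo parses the file before it is moved into place. Separately, `Add SSH keys to root authorized_keys` grants the same key direct root SSH login, which makes the dedicated user plus `NOPASSWD:ALL` sudo redundant and loses the per-command audit trail that sudo provides; unless direct root access is an explicit requirement, drop that task and the `/root/.ssh` task, or gate both behind an opt-in default such as `ansible_user_root_login: false` with a matching `when:`. Since `ansible_user_name` is interpolated unquoted into a sudoers rule, it is also worth asserting before that task that it matches `^[a-z_][a-z0-9_-]*$` rather than trusting whatever the inventory supplies.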