add urubamba playbooks

urubamba/roles/users/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: "Create admin user accounts"
+  ansible.builtin.user:
+    name: "{{ item.username }}"
+    password: "{{ item.password | password_hash('sha512') }}"
+    shell: /bin/bash
+  with_items: "{{ admin_users }}"
+
+- name: "Add authorized keys for admin user accounts"
+  ansible.posix.authorized_key:
+    user: "{{ item.username }}"
+    key: "{{ lookup('file', 'files/' + item.username + '.key.pub') }}"
+  with_items: "{{ admin_users }}"
+  register: add_authorized_keys
+
+- name: "Add admin user accounts to sudoers file"
+  community.general.sudoers:
+    name: "sudo-{{ item.username }}"
+    user: "{{ item.username }}"
+    nopassword: false
+    commands: ALL
+  with_items: "{{ admin_users }}"
+
+- name: "Disable password login"
+  ansible.builtin.lineinfile:
+    dest: "{{ sshd_config_path }}"
+    regexp: '^(#\s*)?PasswordAuthentication '
+    line: 'PasswordAuthentication no'
+  when:
+    - add_authorized_keys is succeeded
+  notify: restart sshd