Diffstat (limited to 'infrastructure/roles')
-rw-r--r--infrastructure/roles/users/README.md11
-rw-r--r--infrastructure/roles/users/tasks/main.yaml22
2 files changed, 33 insertions, 0 deletions
diff --git a/infrastructure/roles/users/README.md b/infrastructure/roles/users/README.md
new file mode 100644
index 0000000..71a4486
--- /dev/null
+++ b/infrastructure/roles/users/README.md
@@ -0,0 +1,11 @@
+# Users
+
+## Initial set up
+
+This role creates users in the `sudo` group.
+`sudo` requires a password.
+
+To set your password, run `su -c 'passwd $(whoami)'`.
+
+From then on, use `sudo` for privileged actions.
+Remember to only modify the system using Ansible.
diff --git a/infrastructure/roles/users/tasks/main.yaml b/infrastructure/roles/users/tasks/main.yaml
new file mode 100644
index 0000000..37d616c
--- /dev/null
+++ b/infrastructure/roles/users/tasks/main.yaml
@@ -0,0 +1,22 @@
+- name: create user
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ shell: "{{ item.shell }}"
+ groups:
+ - sudo
+ loop: "{{ users }}"
+- name: create .ssh directory
+ ansible.builtin.file:
+ path: "/home/{{ item.name }}/.ssh"
+ state: directory
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ loop: "{{ users }}"
+- name: set authorized keys
+ ansible.builtin.copy:
+ dest: "/home/{{ item.name }}/.ssh/authorized_keys"
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: '0400'
+ content: "{{ item.authorized_keys }}"
+ loop: "{{ users }}"
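Review bot: The `create .ssh directory` task sets no `mode`, so the directory's permissions are left to the remote umask instead of being pinned; add `mode: '0700'` beside `state: directory` so the key directory is never readable by group or others. In `create user`, `groups` lists `sudo` without `append: true`, and with the user module's default `append: false` each run removes the account from every supplementary group not listed, so add `append: true` unless that pruning is intended. The two later tasks hard-code `/home/{{ item.name }}` and `group: "{{ item.name }}"`, which presumably assumes default home paths and a per-user primary group on the target hosts; confirm this, or register the result of the user task and take the home directory from it.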