From ccad58269a305455d77d0882bc746df094e424ec Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 11 Oct 2025 10:37:45 +0200
Subject: Set up users
---
infrastructure/roles/users/README.md | 11 +++++++++++
infrastructure/roles/users/tasks/main.yaml | 22 ++++++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644 infrastructure/roles/users/README.md
create mode 100644 infrastructure/roles/users/tasks/main.yaml
(limited to 'infrastructure/roles')
diff --git a/infrastructure/roles/users/README.md b/infrastructure/roles/users/README.md
new file mode 100644
index 0000000..71a4486
--- /dev/null
+++ b/infrastructure/roles/users/README.md
@@ -0,0 +1,11 @@
+# Users
+
+## Initial set up
+
+This role creates users in the `sudo` group.
+`sudo` requires a password.
+
+To set your password, run `su -c 'passwd $(whoami)'`.
+
+From then on, use `sudo` for privileged actions.
+Remember to only modify the system using Ansible.
diff --git a/infrastructure/roles/users/tasks/main.yaml b/infrastructure/roles/users/tasks/main.yaml
new file mode 100644
index 0000000..37d616c
--- /dev/null
+++ b/infrastructure/roles/users/tasks/main.yaml
@@ -0,0 +1,22 @@
+- name: create user
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ shell: "{{ item.shell }}"
+ groups:
+ - sudo
+ loop: "{{ users }}"
+- name: create .ssh directory
+ ansible.builtin.file:
+ path: "/home/{{ item.name }}/.ssh"
+ state: directory
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ loop: "{{ users }}"
+- name: set authorized keys
+ ansible.builtin.copy:
+ dest: "/home/{{ item.name }}/.ssh/authorized_keys"
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: '0400'
+ content: "{{ item.authorized_keys }}"
+ loop: "{{ users }}"
-- cgit v1.2.3
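Review bot: The `create .ssh directory` task in `tasks/main.yaml` sets `owner` and `group` but no `mode`, so a newly created directory takes whatever the remote umask yields rather than a pinned value; adding `mode: '0700'` under `state: directory` keeps it private to the account, matching the explicit `'0400'` on `authorized_keys`. In `create user`, `groups:` is given without `append: true`, so for an account that already exists the module reduces its supplementary groups to `sudo` alone on every run. Both file tasks also assume the home directory is `/home/<name>` and that a group named after the user exists, and nothing in this hunk establishes either. The user task sets no `password`, which is presumably why the README adds a manual step. That step, `su -c 'passwd $(whoami)'`, is single-quoted, so `$(whoami)` is expanded by the shell that `su` starts and names the `su` target account instead of the caller, whereas `su -c "passwd $(whoami)"` passes the caller's own name.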