From: alex <alex@pdp7.net>
Date: Sat, 11 Oct 2025 08:37:45 +0000 (+0200)
Subject: Set up users
X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=ccad58269a305455d77d0882bc746df094e424ec;p=infrastructure.git

Set up users
---

diff --git a/infrastructure/production.yaml b/infrastructure/production.yaml
index 4bd0386..6800693 100644
--- a/infrastructure/production.yaml
+++ b/infrastructure/production.yaml
@@ -9,3 +9,9 @@ ungrouped:
         66643762323130663763643061333862666539633832356663663832376239326534393837356237
         6532373435616636650a343532616364623864373863376166333538306130626637373235616130
         38666666623932363937336532343633353732643434616536666339343630663564
+all:
+  vars:
+    users:
+      - name: alex
+        shell: /usr/bin/bash
+        authorized_keys: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsmNM+izEWl/tIRncLIc9UFHwjL4b64VGD9ZTqeR/fEbfrhUjcQNmwHMbfF3l35OEFnPw6Afm8TzL/RwM+ePpdxj7HzZW6XBOVf258Dcs3olw/JuG8+oSvLoXUiTS1rqgNNp7RLEQN1IxYOUCreu6ju6y2WDi8Ota2vO1DpGgfHB1M6KbGBpLpZBCAKzrhI9I0y6nx6WEWWYJpcvN947oAgQRf/Bv4j9pNUATXhe14rNSWwk5lvOYZSEu7XZeg55GSzJSQjIO29F2SW8b886pB3hbRV+OFtLwWaMvsQwNp25n4wePQJX5OczKZxbN6rfjf4kuOmeGbVP3PmHa8hrmEw== alex@case"
diff --git a/infrastructure/roles/users/README.md b/infrastructure/roles/users/README.md
new file mode 100644
index 0000000..71a4486
--- /dev/null
+++ b/infrastructure/roles/users/README.md
@@ -0,0 +1,11 @@
+# Users
+
+## Initial set up
+
+This role creates users in the `sudo` group.
+`sudo` requires a password.
+
+To set your password, run `su -c 'passwd $(whoami)'`.
+
+From then on, use `sudo` for privileged actions.
+Remember to only modify the system using Ansible.
diff --git a/infrastructure/roles/users/tasks/main.yaml b/infrastructure/roles/users/tasks/main.yaml
new file mode 100644
index 0000000..37d616c
--- /dev/null
+++ b/infrastructure/roles/users/tasks/main.yaml
@@ -0,0 +1,22 @@
+- name: create user
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    shell: "{{ item.shell }}"
+    groups:
+      - sudo
+  loop: "{{ users }}"
+- name: create .ssh directory
+  ansible.builtin.file:
+    path: "/home/{{ item.name }}/.ssh"
+    state: directory
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+  loop: "{{ users }}"
+- name: set authorized keys
+  ansible.builtin.copy:
+    dest: "/home/{{ item.name }}/.ssh/authorized_keys"
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: '0400'
+    content: "{{ item.authorized_keys }}"
+  loop: "{{ users }}"
diff --git a/infrastructure/site.yaml b/infrastructure/site.yaml
new file mode 100644
index 0000000..5505001
--- /dev/null
+++ b/infrastructure/site.yaml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+    - users