From 7e15495a3ba51c015cc725875599b5cd35aed6b2 Mon Sep 17 00:00:00 2001
From: L3D
Date: Tue, 13 Feb 2024 20:17:35 +0100
Subject: [PATCH] create first steps for an ansible user

---
 galaxy.yml | 3 ++-
 roles/user/defaults/main.yml | 4 ++++
 roles/user/tasks/main.yml | 6 +++++-
 roles/user/tasks/user_ansible.yml | 29 +++++++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 roles/user/tasks/user_ansible.yml

diff --git a/galaxy.yml b/galaxy.yml
index 286d77c..9032ec5 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -43,7 +43,8 @@ tags:
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
 dependencies:
- "community.general": ">=7.5.0"
+ "community.general": ">=8.3.0"
+ "ansible.posix": ">=1.5.4"
 
 # The URL of the originating SCM repository
 repository: https://github.com/roles-ansible/ansible_collection_users.git
diff --git a/roles/user/defaults/main.yml b/roles/user/defaults/main.yml
index 7026d2c..bf3888f 100644
--- a/roles/user/defaults/main.yml
+++ b/roles/user/defaults/main.yml
@@ -1,3 +1,7 @@
 ---
+# Create ansible user
+l3d_users_user__create_ansible: true
+l3d_users_user__ansible_user_state: 'present' | tenary absent, present
+
 # run simple versionscheck
 submodules_versioncheck: false
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 3be6b68..7ba7d7f 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -2,5 +2,9 @@
 - name: Perform optional versionscheck
 ansible.builtin.include_tasks:
 file: 'versioncheck.yml'
- when: submodules_versioncheck|bool
+ when: submodules_versioncheck | bool
+- name: Create ansible user with superuser permissions
+ ansible.builtin.include_tasks:
+ file: 'user_ansible.yml'
+ when: l3d_users_user__create_ansible | bool
 
diff --git a/roles/user/tasks/user_ansible.yml b/roles/user/tasks/user_ansible.yml
new file mode 100644
index 0000000..79891b0
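Review bot: `l3d_users_user__ansible_user_state: 'present' | tenary absent, present` in roles/user/defaults/main.yml is not valid YAML — text after a closing quote is a parse error, so the defaults file fails to load and takes the whole role down with it; `tenary` is also a typo for ternary. The task file added in the same commit filters this variable with `ternary('present', 'absent')`, which treats it as a boolean, so a string default would make even `'absent'` evaluate to `present`. Either define it as a boolean and document the mapping, `l3d_users_user__ansible_user_state: true  # true -> present, false -> absent`, or keep a string value and pass it straight to `state:` in user_ansible.yml instead of through ternary.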
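Review bot: The new include in roles/user/tasks/main.yml is named `Create ansible user with superuser permissions`, but nothing in the user_ansible.yml this commit adds grants elevated rights (no sudoers entry, no admin group membership), so the name promises more than the role delivers and will mislead anyone reading play output. Either rename it to `Create ansible user` until the privilege step exists, or add that step to the included file and keep the name. A blank line between the two include tasks would also match the spacing user_ansible.yml uses between tasks.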
--- /dev/null
+++ b/roles/user/tasks/user_ansible.yml
@@ -0,0 +1,29 @@
+---
+- name: Create group ansible
+ become: true
+ ansible.builtin.group:
+ name: 'ansible'
+ state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+
+- name: Create user ansible
+ become: true
+ ansible.builtin.user:
+ name: 'ansible'
+ comment: 'User for ansible to login and perform tasks'
+ shell: '/bin/bash'
+ group: 'ansible'
+ state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+ create_home: true
+
+- name: Set dedicated SSH keys for User ansible and drop all other keys
+ become: true
+ ansible.posix.authorized_key:
+ user: 'ansible'
+ state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+ key: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
+ exclusive: true
+
+- name: Add admin keys to user ansible
+ become true
+ ansible.builtin.debug:
+ msg: "tbd."
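Review bot: `become true` in the last task (`Add admin keys to user ansible`) is missing its colon, which makes the new file unparsable and fails the include on every host; it should read `become: true`. The `state:` expressions on the group, user and authorized_key tasks all pass `l3d_users_user__ansible_user_state` through `ternary('present', 'absent')`, so the variable must be a boolean — the default added in this commit is a string, and any non-empty string, including `'absent'`, resolves to `present`. The authorized_key task pins the only accepted login key to `lookup('url', 'https://github.com/do1jlr.keys')` with `exclusive: true`: every managed host trusts whatever keys are published under that GitHub account at play time, the controller needs network access to github.com on each run, and no other operator of the collection can substitute their own keys — the key material should come from a role variable (a list of public keys or key URLs in defaults), with the hard-coded URL at most a documented example. When the state resolves to absent the ordering is also inverted: the group is removed before the user whose primary group it is, which groupdel refuses, so the group task should run after the user task on that path.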