initial commit

roles/create-user/tasks/deb.yml

@@ -0,0 +1,23 @@
+---
+
+- name: creating user {{ username }} in sudo group (Debian/Ubuntu)
+  user:
+    name: "{{ username }}"
+    password: "{{ pwgen | password_hash('sha512') }}"
+    state: present
+    shell: /bin/bash
+    groups: sudo
+    append: yes
+    generate_ssh_key: yes
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+    update_password: on_create
+  register: user_created
+
+- name: enable nopasswd sudo (Debian/Ubuntu)
+  lineinfile:
+    dest: /etc/sudoers
+    regexp: '^%sudo'
+    line: "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL"
+    state: present
+    validate: 'visudo -cf %s'

roles/create-user/tasks/el.yml

@@ -0,0 +1,23 @@
+---
+
+- name: creating user {{ username }} in wheel group (RHEL/CentOS/Fedora)
+  user:
+    name: "{{ username }}"
+    password: "{{ pwgen | password_hash('sha512') }}"
+    state: present
+    shell: /bin/bash
+    groups: wheel
+    append: yes
+    generate_ssh_key: yes
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+    update_password: on_create
+  register: user_created
+
+- name: enable nopasswd sudo (RHEL/CentOS/Fedora)
+  lineinfile:
+    dest: /etc/sudoers
+    regexp: '^%wheel'
+    line: "%wheel       ALL=(ALL)       NOPASSWD: ALL"
+    state: present
+    validate: 'visudo -cf %s'

roles/create-user/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+
+- include_tasks: deb.yml
+  when: ansible_distribution in ["Debian", "Ubuntu"]
+
+- include_tasks: el.yml
+  when: ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "Fedora"]
+
+- name: print generated password for {{ username }} on each host
+  debug: var=pwgen
+  when: user_created is changed 
+
+- name: copy current pubkeys to ~{{ username }}/.ssh/authorized_keys
+  authorized_key:
+    user: "{{ username }}"
+    state: present
+    key: "{{ item }}"
+  with_items:
+    - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
+    - "{{ lookup('file','~/.ssh/id_rsa.pub') }}"