From 00620307cc1e37b7ee8938800255964ddcedb944 Mon Sep 17 00:00:00 2001
From: Thomas Constans
Date: Thu, 17 Nov 2022 16:22:11 +0100
Subject: [PATCH] initial commit
---
setup.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++
sudoers_ansible | 2 ++
2 files changed, 47 insertions(+)
create mode 100644 setup.yml
create mode 100644 sudoers_ansible
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..98f2a3d
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,45 @@
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ tasks:
+ - name: warn people
+ lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ user:
+ name: "{{ ansible_user }}"
+ password: "{{ '123Soleil%' | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ create_home: yes
+ home: "/home/{{ ansible_user }}"
+
+ - name: configure sudo
+ template:
+ src: sudoers_ansible
+ dest: /etc/sudoers.d/ansible
+ validate: "/usr/sbin/visudo -cf %s"
+
+ - name: deploy ssh key
+ authorized_key:
+ user: "{{ ansible_user }}"
+ key: "{{ item }}"
+ loop:
+ - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+ - "https://infra.opendoor.fr/id_rsa.pub"
\ No newline at end of file
diff --git a/sudoers_ansible b/sudoers_ansible
new file mode 100644
index 0000000..a6289d9
--- /dev/null
+++ b/sudoers_ansible
@@ -0,0 +1,2 @@
+{{ ansible_user }} ALL=(ALL) NOPASSWD: ALL
+
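Review bot: The `create account` task in setup.yml hard-codes the plaintext password `'123Soleil%'`, so every host in `cibles` gets the same known password and it stays in the repository history from this first commit. The play already installs SSH keys and a NOPASSWD sudoers entry, so the account probably needs no usable password; `password: '*'` would disable password login, or the value could come from an Ansible Vault variable. In `deploy ssh key`, the second loop item has the module fetch a key from `https://infra.opendoor.fr/id_rsa.pub` on each run, so whoever can change that URL's content can log in as this account; keeping the public key text in the repository and loading it with `lookup('file', ...)` pins what gets authorized.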
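Review bot: The sudoers_ansible template grants `{{ ansible_user }}` unrestricted passwordless root, and nothing in the rendered file says it is generated or why. A leading comment such as `# Managed by Ansible (setup.yml): passwordless sudo for the automation account, do not edit by hand` would help whoever finds /etc/sudoers.d/ansible on a host. Because `NOPASSWD: ALL` makes any login to that account equivalent to root, the credentials configured for it deserve the same handling as root's own.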