From 0b9baa204e79325bd412d5450c3a0f63b4e7f4a8 Mon Sep 17 00:00:00 2001
From: Simone Spinelli <simone.spinelli@geant.org>
Date: Tue, 28 Mar 2023 19:12:45 +0000
Subject: [PATCH] Add sudo checks and new users variable
---
 roles/gap_utility_user/tasks/main.yml | 18 ++++++++++++++----
 roles/gap_utility_user/vars/main.yaml | 5 +++++
 2 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 roles/gap_utility_user/vars/main.yaml
diff --git a/roles/gap_utility_user/tasks/main.yml b/roles/gap_utility_user/tasks/main.yml
index 61c0bd5..4f4bde6 100644
--- a/roles/gap_utility_user/tasks/main.yml
+++ b/roles/gap_utility_user/tasks/main.yml
@@ -1,17 +1,27 @@
+- name: Make sure sudoers are paswordless
+ community.general.sudoers:
+ name: sudo4gap
+ group: sudo
+ commands: ALL
+ state: present
+
 - name: Add a new Linux user
 ansible.builtin.user:
- name: "{{ username }}"
- comment: "{{ full_name }}"
+ name: "{{ item.username }}"
+ comment: "{{ item.full_name }}"
 groups: sudo
 append: yes
 password: '!' # Do not allow login with a password
 password_lock: yes # Login with SSH key only
+ shell: "{{ item.shell }}"
 register: user_output
+ with_items: "{{goat_users}}"
 
 - name: Add SSH key to user for logging in
 ansible.posix.authorized_key:
- user: "{{ username }}"
- key: "{{ ssh_key }}"
+ user: "{{ item.username }}"
+ key: "{{ item.ssh_key }}"
+ with_items: "{{goat_users}}"
 
 - name: Create new VM for development
 ansible.builtin.debug:
diff --git a/roles/gap_utility_user/vars/main.yaml b/roles/gap_utility_user/vars/main.yaml
new file mode 100644
index 0000000..933f9a8
--- /dev/null
+++ b/roles/gap_utility_user/vars/main.yaml
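Review bot: In roles/gap_utility_user/tasks/main.yml the new `sudo4gap` rule gives every member of the `sudo` group `ALL` commands, and the passwordless behaviour the task name promises is never stated in the task itself; it rests on the module's `nopassword` default. Because the rule targets the pre-existing `sudo` group, it also changes sudo behaviour for any account already in that group on the host, not only the users this role creates, and every key installed by the `authorized_key` task becomes equivalent to root. I would scope it to a dedicated group used only by this role (in `group:` here and in `groups:` of the user task) and make the intent explicit with `nopassword: true` and `validation: required`. Separately, now that the user task loops with `with_items`, `register: user_output` holds a `results` list, so any later use of `user_output` outside this hunk should be checked.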
@@ -0,0 +1,5 @@
+goat_users:
+ - username: simone
+ full_name: "Simone Spinelli"
+ shell: "/bin/bash"
+ ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDt0UfEy8Tz4lrrXvLqcmDcVB/uxGot3upZUOUtUFif6dBiGdasxvi7OaHoOh1Ho6SHGF57tXFYXzIR0VIXdFs0zG62FGESXLOzpGgoB/bWcRDoipcoM0rnMKNuL+SOFjGQ0XLQu4/I6UHd6pJ+JW2V6gx0KcbiHt5ogHiFeeDyC+p/+eSyP0kXVnP7ewU/A/0cTBhAEvNstPrWdKj4C9LadBq8ZC9JheuEBpJvG+EwEXTFfRwL3JsG1Gwvyhg2fmlqiqsiM70XB1v8CLOp/gGcv0ug1oAOl1XKEEYqE2z/GWvykX8DDyMF3C8JSdyX3oOANwYHQ46XuENZqKc4DvWt simonespinelli@GA0050"
-- GitLab
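Review bot: `goat_users` is defined in the role's `vars/main.yaml`, which takes precedence over inventory and play variables, so the list of accounts that receive sudo access cannot be adjusted per environment without editing the role. A personal account and its public key, including the workstation name in the key comment, are now baked into the role; moving the list to `defaults/main.yml` or to inventory `group_vars` keeps the role reusable and puts the access list where hosts are defined and reviewed. Every item must also carry `shell`, because the user task reads `item.shell` unconditionally; `shell: "{{ item.shell | default(omit) }}"` in that task would make it optional. The file uses the `.yaml` extension while the tasks file uses `.yml`; one extension across the role would be more consistent.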