#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
# sudo-user for remote provisioning and periodic local provisioning.
#
---
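- name: install sudo
  # acl is installed alongside sudo; its use is not visible in this task file.
  apt:
    name:
      - acl
      - sudo
    state: present
    # Force policy-rc.d to exit 101 ("action forbidden by policy") so dpkg
    # does not start or restart services while these packages are installed.
    policy_rc_d: 101
  # Only runs under the "online" tag (needs package repositories); failures
  # are tolerated when ignore_online_errors is true.
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"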


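- name: create ansible public-files dir
  file:
    path: "/opt/somesible"
    state: directory
    # Quoted so the YAML parser cannot reinterpret the leading-zero octal.
    mode: "0755"
    owner: "root"
    group: "root"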


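- name: create ansible user
  user:
    name: "ansible"
    uid: 609
    home: "/var/ansible"
    shell: "/bin/bash"
    # The home directory is created by the following task with an explicit
    # 0700 mode rather than by the user module's defaults.
    create_home: false
    system: true
    # NOTE(review): primary group is root, so files this account creates are
    # root-group owned by default -- confirm this is intended.
    group: "root"
    state: present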


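- name: create ansible user's homedir
  file:
    path: "/var/ansible"
    state: directory
    # Owner-only access; quoted to keep the octal literal out of the YAML parser.
    mode: "0700"
    owner: "ansible"
    group: "root"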


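- name: add ansible to sudoers
  copy:
    src: "{{item}}"
    dest: "/etc/sudoers.d/ansible"
    # sudo ignores drop-in files that are writable by others; keep 0440.
    mode: "0440"
    owner: "root"
    group: "root"
    # Syntax-check the staged file before it replaces the live one, so a bad
    # drop-in cannot lock sudo out.
    validate: /usr/sbin/visudo -cf %s
  # Most specific source wins: host, then group, then all, then role default.
  # Paths are relative to the controller's current working directory ($PWD).
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sudoers.d.ansible"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sudoers.d.ansible"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sudoers.d.ansible"
    - "default/sudoers.d.ansible"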


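- name: override default sudoers file
  copy:
    src: "{{item}}"
    dest: "/etc/sudoers"
    mode: "0440"
    owner: "root"
    group: "root"
    # Replaces the whole main sudoers file; visudo -c on the staged copy
    # guards against installing an unparsable file.
    validate: /usr/sbin/visudo -cf %s
  # Most specific source wins: host, then group, then all, then role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sudoers"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sudoers"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sudoers"
    - "default/sudoers"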


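- name: set ansible .ssh-dir permissions
  file:
    path: "/var/ansible/.ssh"
    state: directory
    # sshd's StrictModes rejects keys under a group/world-accessible .ssh.
    mode: "0700"
    owner: "ansible"
    group: "root"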


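- name: copy authorized_keys
  copy:
    src: "{{item}}"
    dest: "/var/ansible/.ssh/authorized_keys"
    # Owner read/write only; this file controls who can log in as "ansible".
    mode: "0600"
    owner: "ansible"
    group: "root"
  # Most specific source wins: host, then group, then all, then role default.
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/authorized_keys"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/authorized_keys"
    - "default/authorized_keys"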