From 9b15a71be587ed9b59134b7e8a922a767f7811eb Mon Sep 17 00:00:00 2001
From: James Hackett
Date: Wed, 30 Nov 2022 22:02:19 +0000
Subject: [PATCH] adds ssh and apt role
---
ansible/roles/apt/defaults/main.yml | 13 ++++++++++++
ansible/roles/apt/tasks/main.yml | 13 ++++++++++++
ansible/roles/ssh/defaults/main.yml | 11 ++++++++++
ansible/roles/ssh/tasks/creategroups.yml | 6 ++++++
ansible/roles/ssh/tasks/main.yml | 27 ++++++++++++++++++++++++
5 files changed, 70 insertions(+)
create mode 100644 ansible/roles/apt/defaults/main.yml
create mode 100644 ansible/roles/apt/tasks/main.yml
create mode 100644 ansible/roles/ssh/defaults/main.yml
create mode 100644 ansible/roles/ssh/tasks/creategroups.yml
create mode 100644 ansible/roles/ssh/tasks/main.yml
diff --git a/ansible/roles/apt/defaults/main.yml b/ansible/roles/apt/defaults/main.yml
new file mode 100644
index 0000000..b23f4ff
--- /dev/null
+++ b/ansible/roles/apt/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+apt_packages:
+ - cron
+ - curl
+ - git
+ - htop
+ - net-tools
+ - nmap
+ - sysstat
+ - vim
+
+apt_install_packages: false
+apt_update_packages: true
diff --git a/ansible/roles/apt/tasks/main.yml b/ansible/roles/apt/tasks/main.yml
new file mode 100644
index 0000000..556ca23
--- /dev/null
+++ b/ansible/roles/apt/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: apt update packages to their latest version and autoclean
+ become: true
+ apt:
+ upgrade: yes
+ update_cache: yes
+ when: ansible_os_family == "Debian" and apt_update_packages
+
+- name: install common tools
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ with_items: "{{ apt_packages }}"
+ when: ansible_os_family == "Debian" and apt_install_packages
diff --git a/ansible/roles/ssh/defaults/main.yml b/ansible/roles/ssh/defaults/main.yml
new file mode 100644
index 0000000..bf05dc2
--- /dev/null
+++ b/ansible/roles/ssh/defaults/main.yml
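Review bot: In ansible/roles/apt/tasks/main.yml the `install common tools` task has no `become: true`, while the upgrade task above it does, so unless the play itself escalates privileges the install would run unprivileged and fail. It also issues one apt call per package; passing the list directly, `name: "{{ apt_packages }}"`, installs them in a single transaction. The first task's name promises an autoclean, but only `upgrade` and `update_cache` are set; either add `autoclean: true` or drop the word from the name. Because `apt_update_packages` defaults to true, every run upgrades all packages, which deserves a comment so operators know the role changes hosts by default.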
@@ -0,0 +1,11 @@
+---
+
+# a current listing of all admins who have ssh access to Redbrick.
+
+github_users:
+ - user: mojito
+ # omitting account variable won't add any github keys to the user.
+ account: DistroByte
+ groups: [sudo, docker]
+
+github_url: https://github.com
diff --git a/ansible/roles/ssh/tasks/creategroups.yml b/ansible/roles/ssh/tasks/creategroups.yml
new file mode 100644
index 0000000..3c27665
--- /dev/null
+++ b/ansible/roles/ssh/tasks/creategroups.yml
@@ -0,0 +1,6 @@
+---
+- name: Ensure user groups are present
+ group:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ user_data.groups | default(user_data) }}"
diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml
new file mode 100644
index 0000000..69099df
--- /dev/null
+++ b/ansible/roles/ssh/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- include_tasks: creategroups.yml
+ loop: "{{ github_users }}"
+ loop_control:
+ loop_var: user_data
+
+- name: Ensure user accounts are present
+ user:
+ name: "{{ item.user | default(item) }}"
+ shell: /bin/bash
+ createhome: true
+ groups: "{{ item.groups | default(item) }}"
+ append: yes
+ home: /home/{{ item.user | default(item) }}
+ state: present
+ with_items: "{{ github_users }}"
+
+- name: Ensure authorized_keys for GitHub user accounts are present
+ authorized_key:
+ user: "{{ item.user | default(item) }}"
+ key: "{{ github_url }}/{{ item.account | default('') }}.keys"
+ manage_dir: true
+ exclusive: False
+ with_items: "{{ github_users }}"
+ ignore_errors: yes
+ register: task_result
+ failed_when: "'blah' in task_result"
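Review bot: The `groups: [sudo, docker]` entry in ansible/roles/ssh/defaults/main.yml grants root-level access twice over, since membership of the docker group is generally equivalent to root on the host, and the comment above the list does not say so. The `account` field is also the trust anchor for SSH: judging by the key task in tasks/main.yml, whoever controls that GitHub login controls the keys installed for the user. I would add a comment above the first entry such as `# account: GitHub login whose published keys are trusted for SSH; sudo and docker both confer root`.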
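Review bot: The fallback in `with_items: "{{ user_data.groups | default(user_data) }}"` (ansible/roles/ssh/tasks/creategroups.yml) is the whole entry rather than a list of group names, so a mapping entry in `github_users` that omits `groups` would hand the mapping itself to the `group` module. The fallback looks intended for entries written as a bare username string; if so, a comment should say that, and mapping entries without groups should fall back to an empty list, e.g. `default([] if user_data is mapping else user_data)`. The same pattern is on the `groups:` line of the user task in ansible/roles/ssh/tasks/main.yml. Group names are also taken from the variable without any allow-list, so a typo silently creates a new group.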
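Review bot: The authorized_key task in ansible/roles/ssh/tasks/main.yml can never fail: `ignore_errors: yes` is combined with `failed_when: "'blah' in task_result"`, which looks like a placeholder, so a failed key fetch is silently ignored and the run still reports success. Entries without `account` produce the URL `{{ github_url }}/.keys`, and the role appears to rely on that request erroring; skipping them explicitly with `when: item.account is defined` would let the error suppression be removed. `exclusive: False` means keys deleted from the GitHub account stay in authorized_keys, so revocation does not propagate to hosts; consider `exclusive: true` if GitHub is meant to be the single source of keys. The user and authorized_key tasks also lack `become: true`, unlike the apt upgrade task, so they presumably depend on play-level privilege escalation.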