ansible_playbooks/use_tps_add.yml

---
- name: Add user 'tps' with sudo ability and SSH key
  hosts: servers
  become: true

  vars_prompt:
    - name: tps_password
      prompt: "Enter the password for 'tps' user:"
      private: yes

  tasks:
    - name: Create the 'tps' user
      user:
        name: tps
        state: present
        shell: /bin/bash
        createhome: yes

    - name: Set password for 'tps' user
      ansible.builtin.shell: echo "tps:{{ tps_password | password_hash('sha512', 'mysecretsalt') }}" | chpasswd

    - name: Generate RSA SSH key pair for 'tps' user (if not already generated)
      ansible.builtin.shell: ssh-keygen -t rsa -b 4096 -C "tps@{{ ansible_hostname }}" -f "/home/tps/.ssh/id_rsa" creates="/home/tps/.ssh/id_rsa"

    - name: Set appropriate permissions for 'tps' user's SSH directory
      ansible.builtin.file:
        path: /home/tps/.ssh
        state: directory
        mode: "0700"
        owner: tps
        group: tps

    - name: Read the public key content
      ansible.builtin.slurp:
        src: /home/tps/.ssh/id_rsa.pub
      register: public_key_file

    - name: Add 'tps' user to sudoers
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        line: 'tps ALL=(ALL:ALL) ALL'
        validate: 'visudo -cf %s'

    - name: Add the public key to Gitea using the API with the access token
      ansible.builtin.uri:
        url: "https://gitea.hptrow.me/api/v1/user/keys"
        method: POST
        headers:
          Authorization: "a3b03005781823a4fc0c4b435269408d94e0e2f8"
          Content-Type: "application/json"
        body_format: json
        body:
          title: "tps-{{ ansible_hostname }}"
          key: "{{ public_key_file.content | b64decode }}"
        status_code: 201
      delegate_to: localhost
update 2023-08-03 15:57:00 -04:00			`---`
			`- name: Add user 'tps' with sudo ability and SSH key`
			`hosts: servers`
			`become: true`

			`vars_prompt:`
			`- name: tps_password`
			`prompt: "Enter the password for 'tps' user:"`
			`private: yes`

			`tasks:`
			`- name: Create the 'tps' user`
			`user:`
			`name: tps`
			`state: present`
			`shell: /bin/bash`
			`createhome: yes`

			`- name: Set password for 'tps' user`
			`ansible.builtin.shell: echo "tps:{{ tps_password \| password_hash('sha512', 'mysecretsalt') }}" \| chpasswd`

			`- name: Generate RSA SSH key pair for 'tps' user (if not already generated)`
			`ansible.builtin.shell: ssh-keygen -t rsa -b 4096 -C "tps@{{ ansible_hostname }}" -f "/home/tps/.ssh/id_rsa" creates="/home/tps/.ssh/id_rsa"`

			`- name: Set appropriate permissions for 'tps' user's SSH directory`
			`ansible.builtin.file:`
			`path: /home/tps/.ssh`
			`state: directory`
			`mode: "0700"`
			`owner: tps`
			`group: tps`

			`- name: Read the public key content`
			`ansible.builtin.slurp:`
			`src: /home/tps/.ssh/id_rsa.pub`
			`register: public_key_file`

			`- name: Add 'tps' user to sudoers`
			`ansible.builtin.lineinfile:`
			`path: /etc/sudoers`
			`line: 'tps ALL=(ALL:ALL) ALL'`
			`validate: 'visudo -cf %s'`

			`- name: Add the public key to Gitea using the API with the access token`
			`ansible.builtin.uri:`
			`url: "https://gitea.hptrow.me/api/v1/user/keys"`
			`method: POST`
			`headers:`
			`Authorization: "a3b03005781823a4fc0c4b435269408d94e0e2f8"`
			`Content-Type: "application/json"`
			`body_format: json`
			`body:`
			`title: "tps-{{ ansible_hostname }}"`
			`key: "{{ public_key_file.content \| b64decode }}"`
			`status_code: 201`
			`delegate_to: localhost`