iiab/roles/iiab-admin/tasks/admin-user.yml

- name: Create iiab-admin user and password
  user:
    name: "{{ iiab_admin_user }}"
    password: "{{ iiab_admin_passw_hash }}"
    update_password: on_create
    shell: /bin/bash

- name: Create a wheel group
  group:
    name: wheel
    state: present

- name: Create a sudo group (redhat)
  group:
    name: sudo
    state: present
  when: is_redhat

- name: Add user to wheel group
  user:
    name: "{{ iiab_admin_user }}"
    groups: wheel,sudo

- name: Create root .ssh
  file:
    path: /root/.ssh
    owner: root
    group: root
    mode: 0700
    state: directory

- name: Install dummy root keys as placeholder
  copy:
    src: dummy_authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: 0600
    force: no

- name: Edit the sudoers file -- first make it editable
  file:
    path: /etc/sudoers
    mode: 0640

- name: Have sudo log all commands it handles
  lineinfile:
    regexp: logfile
    line: "Defaults     logfile = /var/log/sudo.log"
    dest: /etc/sudoers
    state: present

- name: Lets wheel sudo without password
  lineinfile:
    line: "%wheel ALL= NOPASSWD: ALL"
    dest: /etc/sudoers

- name: Remove the line which requires tty
  lineinfile:
    regexp: requiretty
    dest: /etc/sudoers
    state: absent

- name: End editing the sudoers file -- protect it again
  file:
    path: /etc/sudoers
    mode: 0440