add user-management

ansible-digitalocean/playbooks/inventory.ini

@@ -0,0 +1,3 @@
+[droplets]
+142.93.63.131 ansible_user=adel
+67.205.166.16 ansible_user=adelya

ansible-digitalocean/playbooks/user-management.yml

@@ -0,0 +1,95 @@
+---
+- name: User Management Playbook
+  hosts: all
+  become: true
+  tasks:
+    - name: Remove user 'adelia'
+      ansible.builtin.user:
+        name: adelia
+        state: absent
+        remove: true
+
+    - name: Set facts from users.conf
+      set_fact:
+        my_users: "{{ my_users | default([]) + [ {
+                      'user': params[0],
+                      'state': params[1],
+                      'super': (params[2] == 'super')
+                    } ] }}"
+      loop: "{{ lookup('file', 'user.conf').splitlines() }}"
+      vars:
+        params: "{{ item.split(':') }}"
+
+    - name: Manage users
+      ansible.builtin.user:
+        name: "{{ item.user }}"
+        state: "{{ item.state }}"
+      loop: "{{ my_users }}"
+
+    - name: Sudo privileges for super users
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        line: "{{ item.user }} ALL=(ALL) NOPASSWD: ALL"
+        validate: 'visudo -cf %s'
+      loop: "{{ my_users }}"
+      when: item.super
+
+    - name: Add SSH key for user
+      ansible.posix.authorized_key:
+        user: "{{ user_name }}"
+        state: present
+        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
+      vars:
+        user_name: adel
+
+    - name: Add user to sudo group
+      ansible.builtin.user:
+        name: "{{ sudo_user }}"
+        groups: sudo
+        append: true
+        state: present
+        create_home: true
+      vars:
+        sudo_user: adelia
+
+    - name: Configure password reuse policy
+      ansible.posix.sysctl:
+        name: "kernel.printk_ratelimit"
+        value: "10"
+        state: present
+        reload: yes
+
+
+    - name: Create group 'pkl'
+      ansible.builtin.group:
+        name: pkl
+        state: present
+
+    - name: Create user 'syifa' in group 'pkl'
+      ansible.builtin.user:
+        name: syifa
+        state: present
+        groups: pkl
+        append: yes
+        shell: /bin/bash
+
+    - name: Add 'pkl' group to sudoers
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: present
+        regexp: '^%pkl'
+        line: '%pkl ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'
+
+    - name: Remove 'syifa' from group 'pkl'
+      ansible.builtin.user:
+        name: syifa
+        groups: pkl
+        state: present
+        append: no
+
+    - name: Remove group 'pkl'
+      ansible.builtin.group:
+        name: pkl
+        state: absent
+

ansible-digitalocean/playbooks/user.conf

@@ -0,0 +1,3 @@
+adelia:absent:super
+okta:absent:normal
+syifa:present:super