tasks/unpriv-user.yml

---
- name: Ensure that unprivileged user is present
  ansible.builtin.user:
    name: "{{ interactive_user }}"
    shell: /bin/bash
    home: "{{ interactive_home }}"
    password: "{{ interactive_password }}"
    groups: sudo
    create_home: true
    skeleton: /etc/skel
    append: true

- name: Set the primary key for the unprivileged user, removing any others
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
    state: present
    exclusive: true

- name: Set the secondary key for the unprivileged user
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-2.pub') }}"
    state: present

- name: Install required package to become unprivileged users
  ansible.builtin.apt:
    name: acl
    state: present
Initial commit 2024-10-26 16:23:45 +02:00			`---`
			`- name: Ensure that unprivileged user is present`
			`ansible.builtin.user:`
			`name: "{{ interactive_user }}"`
			`shell: /bin/bash`
			`home: "{{ interactive_home }}"`
			`password: "{{ interactive_password }}"`
			`groups: sudo`
			`create_home: true`
			`skeleton: /etc/skel`
			`append: true`

			`- name: Set the primary key for the unprivileged user, removing any others`
			`ansible.posix.authorized_key:`
			`user: "{{ interactive_user }}"`
			`key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"`
			`state: present`
			`exclusive: true`

			`- name: Set the secondary key for the unprivileged user`
			`ansible.posix.authorized_key:`
			`user: "{{ interactive_user }}"`
			`key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-2.pub') }}"`
			`state: present`

			`- name: Install required package to become unprivileged users`
			`ansible.builtin.apt:`
			`name: acl`
			`state: present`