From 6ce9918171339240493045f935a25dc6a376e1c8 Mon Sep 17 00:00:00 2001
From: rulrich
Date: Fri, 8 Mar 2024 16:11:45 +0100
Subject: [PATCH 1/4] =?UTF-8?q?playbook.yml=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
playbook.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 playbook.yml
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..f92076c
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,15 @@
+---
+- hosts: production
+ become: true
+# vars_files:
+# - vars/production/users.yml
+ roles:
+ - users
+- hosts: testing
+ become: true
+# vars_files:
+# - vars/testing/users.yml
+ roles:
+ - users
+
+
From a2149bd04cbe65b610691445fba741d40850b690 Mon Sep 17 00:00:00 2001
From: rulrich
Date: Fri, 8 Mar 2024 16:14:22 +0100
Subject: [PATCH 2/4] =?UTF-8?q?hosts=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
hosts | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 hosts
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..c711390
--- /dev/null
+++ b/hosts
@@ -0,0 +1,5 @@
+[testing]
+test.band-on.com
+
+[production]
+band-on.com
\ No newline at end of file
From a975c0e2e1bb014b39ae135652eba1d965983237 Mon Sep 17 00:00:00 2001
From: rulrich
Date: Fri, 8 Mar 2024 16:37:07 +0100
Subject: [PATCH 3/4] =?UTF-8?q?roles/users/tasks/main.yml=20hinzugef=C3=BC?= =?UTF-8?q?gt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
roles/users/tasks/main.yml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 roles/users/tasks/main.yml
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
new file mode 100644
index 0000000..5613d29
--- /dev/null
+++ b/roles/users/tasks/main.yml
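Review bot: Neither play in playbook.yml has a `name:`, and with both `vars_files` entries commented out the two plays are identical apart from `hosts`, so production and testing receive exactly the same `users` role under `become: true`. Either name the plays (for example `- name: Manage users on production`) and restore the per-environment vars files, or collapse them into one play with `hosts: production:testing`. The commented-out keys should be removed or given a comment explaining why they are disabled, and the two trailing blank lines at the end of the file can be dropped.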
@@ -0,0 +1,23 @@
+---
+- name: Ensure group "admins" exists
+# include_tasks: create_groups.yml
+ ansible.builtin.group:
+ name: admins
+ state: present
+ tags: groups
+
+- name: Grant sudo without PW to admins group
+ ansible.builtin.file:
+ src: roles/users/files/sudo_group_admins
+ path: /etc/sudoers.d/admins
+ owner: root
+ group: root
+ mode: '0440'
+
+- name: Ensure user "rulrich" exists
+ ansible.builtin.user:
+ name: rulrich
+ shell: /bin/bash
+ groups: admins
+ append: yes
+ ssh_public_key: "'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEecPevXnWu9Rs7QhDFAdeKl/E6cBPwUno+nEd4qoUAK rulrich@rabbit'\n"
From aa1860f9ef08264508c082dd3efb9be106a226e5 Mon Sep 17 00:00:00 2001
From: rulrich
Date: Fri, 8 Mar 2024 16:37:45 +0100
Subject: [PATCH 4/4] =?UTF-8?q?roles/users/files/sudo=5Fgroup=5Fadmins=20h?= =?UTF-8?q?inzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
roles/users/files/sudo_group_admins | 1 +
1 file changed, 1 insertion(+)
create mode 100644 roles/users/files/sudo_group_admins
diff --git a/roles/users/files/sudo_group_admins b/roles/users/files/sudo_group_admins
new file mode 100644
index 0000000..81387f2
--- /dev/null
+++ b/roles/users/files/sudo_group_admins
@@ -0,0 +1 @@
+%admins ALL=(ALL) NOPASSWD: ALL
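Review bot: The "Grant sudo without PW to admins group" task uses `ansible.builtin.file`, which manages attributes and links but does not copy `src` content, so `/etc/sudoers.d/admins` is not installed from the role file. It should be `ansible.builtin.copy` with a `validate` step, so that a malformed drop-in is rejected before it can break sudo on the host. In the last task, `ssh_public_key` is not a parameter of `ansible.builtin.user`, and the value carries literal single quotes and a trailing `\n` that do not belong in an authorized_keys entry. The key is better installed by a separate authorized_key task (shown here with `ansible.posix.authorized_key`, assuming that collection is available). `append: yes` should also be written `append: true`.

```yaml
# … unchanged: group "admins" task …
- name: Grant sudo without PW to admins group
  ansible.builtin.copy:
    src: sudo_group_admins
    dest: /etc/sudoers.d/admins
    # … unchanged: owner, group, mode …
    validate: /usr/sbin/visudo -cf %s

- name: Ensure user "rulrich" exists
  ansible.builtin.user:
    # … unchanged: name, shell, groups …
    append: true

- name: Install SSH public key for "rulrich"
  ansible.posix.authorized_key:
    user: rulrich
    state: present
    key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEecPevXnWu9Rs7QhDFAdeKl/E6cBPwUno+nEd4qoUAK rulrich@rabbit'
```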
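Review bot: `NOPASSWD: ALL` for `%admins` lets any process running as a member of that group become root without re-authenticating, so a stolen SSH key or a compromised user session on either host group amounts to full root compromise. If passwordless sudo is only needed for automation, consider granting it to a dedicated automation account and keeping `%admins ALL=(ALL) ALL` for interactive users; the users role as shown sets no password, so one would have to be provisioned for that to work. At minimum, add a comment line at the top of the drop-in such as `# Managed by Ansible (roles/users) - do not edit by hand` and record why NOPASSWD is required.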