From 2b974f738c971943df083009cc9a06cac5d436ad Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 24 Sep 2020 03:00:03 +0200 Subject: [PATCH] Update.. --- hosts | 1 + .../files/PLEASE_CHANGE_YOUR_PASSWORD_ASAP | 1 + roles/sudo_users/files/public_keys/andy.pub | 1 + roles/sudo_users/files/public_keys/chris.pub | 2 ++ roles/sudo_users/files/public_keys/ewald.pub | 1 + roles/sudo_users/files/public_keys/peter.pub | 1 + roles/sudo_users/files/public_keys/robert.pub | 2 ++ roles/sudo_users/files/public_keys/urs.pub | 1 + roles/sudo_users/handlers/main.yml | 6 +++++ roles/sudo_users/tasks/main.yml | 22 +++++++++++++++++++ roles/sudo_users/vars/main.yml | 14 ++++++++++++ 11 files changed, 52 insertions(+) create mode 100644 roles/sudo_users/files/PLEASE_CHANGE_YOUR_PASSWORD_ASAP create mode 100755 roles/sudo_users/files/public_keys/andy.pub create mode 100644 roles/sudo_users/files/public_keys/chris.pub create mode 100644 roles/sudo_users/files/public_keys/ewald.pub create mode 100755 roles/sudo_users/files/public_keys/peter.pub create mode 100755 roles/sudo_users/files/public_keys/robert.pub create mode 100755 roles/sudo_users/files/public_keys/urs.pub create mode 100644 roles/sudo_users/handlers/main.yml create mode 100755 roles/sudo_users/tasks/main.yml create mode 100644 roles/sudo_users/vars/main.yml diff --git a/hosts b/hosts index 78608d6..32644ab 100644 --- a/hosts +++ b/hosts @@ -12,6 +12,7 @@ pc103.ro.netz pc104.ro.netz pc105.ro.netz pc106.ro.netz +pc107.ro.netz pc108.ro.netz pc109.ro.netz diff --git a/roles/sudo_users/files/PLEASE_CHANGE_YOUR_PASSWORD_ASAP b/roles/sudo_users/files/PLEASE_CHANGE_YOUR_PASSWORD_ASAP new file mode 100644 index 0000000..9f1b1a4 --- /dev/null +++ b/roles/sudo_users/files/PLEASE_CHANGE_YOUR_PASSWORD_ASAP @@ -0,0 +1 @@ +Your standard password was used when this file was created. Please run passwd and delete this file as soon as possible. 
diff --git a/roles/sudo_users/files/public_keys/andy.pub b/roles/sudo_users/files/public_keys/andy.pub
new file mode 100755
index 0000000..835cc91
--- /dev/null
+++ b/roles/sudo_users/files/public_keys/andy.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwt3IYUmVBD3Vkmnf6Ctqp9PTvKz8z13wtIaHagvDjQrvZ6+nYQWuM0QDmOfrWjuYAQxaRg7fMIadvli+Czrhwg6EmAS27oZFUCeds4Vn9rFkdPExA6MRVmCtF6IjDEGlCdbGNvIU7NQ7PFvgxy+Uc4KKxgiQukkeU/1P5JuSydCz92833cv3P9JLSp0i1oRe3YzXUgvhONdG1xMm6H1tyEHOyaaxSAwX+Vzyp/a790swsR1RgviItkt9+KoFe5XFtuEz8ZfHTLAP6Kx5AXHjPbB92Ju4byHjAmKXg3W44ZQhOQG9N1IlvZkOEaruBIquaSGAioBLhZF1XQVnR+QJaQ== hellwig.andreas@gmx.net
diff --git a/roles/sudo_users/files/public_keys/chris.pub b/roles/sudo_users/files/public_keys/chris.pub
new file mode 100644
index 0000000..464bdb4
--- /dev/null
+++ b/roles/sudo_users/files/public_keys/chris.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna
+ssh-rsa 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 chris@luna
diff --git a/roles/sudo_users/files/public_keys/ewald.pub b/roles/sudo_users/files/public_keys/ewald.pub
new file mode 100644
index 0000000..9021e39
--- /dev/null
+++ b/roles/sudo_users/files/public_keys/ewald.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMTFM31/04Wcxd7I1Qajl0rD++NqKEHWlOXY9wq5IUuKhzCvK3EGtOrVUjC5qBlcyh2a7MULLV5QjbbtWrbF7aWQjr2PJhTb/Lc+LUaFCxZL0b13qiv4TYuxgatST7RnBqvtddCyjqZsLp+BTr/3PHCem9BC4yluQ7h0UXq3N6x5zm2bL1nbZ12Z/HPCSua5Mbvt3OAKY/pIpFlfp4rDpWIw1gidg/pwm/8XPfJo50nIrz7htXHNYme6unLvClfxsc33Zc6bxYZOPWL+A0u3i8+z7qiDNC1vsgLV5dnCM9pJnJTt5IFHih/2hoSWcgXcl+zUI46mhPoI4FN/PuMjZf myc app mgmt | ewald.koenig@myclimate.org
diff --git a/roles/sudo_users/files/public_keys/peter.pub b/roles/sudo_users/files/public_keys/peter.pub
new file mode 100755
index 0000000..81ff7ec
--- /dev/null
+++ b/roles/sudo_users/files/public_keys/peter.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDe/fa1afnJi5FCI16LjctKR9zS4xiqxUX9g4sr+69f1++aPZdKNGivsKm1t/7Oq5G1pUndnVhZyLQJB6Ib+UJJEiaYmG6pmOuUc+oZ744F+kVstAFIq2/y8YWIsXgzrHXTRcqfZSPK9o0gOl3Fb7Zd7FPfyK59o/H90Ysg4b9u5FedyrkXj93W0AYAFnGPkCVsTZTEMyH6Lco/ZCkVsrzfKMd3K1qU24K88O3tI49WqcJmSH2qM6HMUtcshNf5LGSwqZvz8Wh5WVYeAC2TbQPjJ6fXu3KxD87z0A1lmFDIwO8GnWSXCX+XDlrsRo44K7thFAKihz9x9arPCjyCWYph haddock@mondfaere
diff --git a/roles/sudo_users/files/public_keys/robert.pub b/roles/sudo_users/files/public_keys/robert.pub
new file mode 100755
index 0000000..349b6c4
--- /dev/null
+++ b/roles/sudo_users/files/public_keys/robert.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1rlg3Y9LfVtMA6YXqwoGEd+uwqfoGNPGXsIGrPImcXH1McX7hANAdjwDOH4OqcRa09joxEUp4IaXCEWpDtRfe2g7hfR7mEcOWDRyToJ01l+KJ6g/EYE2mlEaxlVDiQaH23Wu4MbxmwlVweN2Lgq+Iz6yjeheLg/AafOIyhLXUmZN+4i3/Euby9xTRUHUtILZaJPFrWxeEHZRg8jl3mMmta6enkNHPf8QwS0LJKYcaof8kIiTJ3yW1MpTx/K8OQJGMb7U6is+o5HxzIYfTd6Owsq1/DUJtdE+8rR3BwOLmG859gBnVr3TwTA5Sx4FOSfK3BAsyYqIkBAdOknYsec2d rsp@ch-mycmn14
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5BNMrfY8w28OdHmwZodycd8Akph9eDX0V+6qv/WOHKvvh3Fnm5u7vsab+ZeQ+mhUGcmihkZuoEMUfDLIGN3A0d1aZMbGkbatXiDlgEGi/C3PPVv+lwRq7aVsC5yBMl3QiFDt/KFsIKM1UYFRXp+7PTPQZE0URATfwpSIF62bVDeW9SXIAbdF/OKi5oQqbX2MA1fA6Hn85hZqnzQ6myX9k/6e535sqwIM3PuKqTmZw493Y6RZTemu0at+RwOPX93VGhOSQ5OK4tqMATPoMF4JAnVIAz8GaZZmASXzswTfp9GAF2ZDMjilfB8q0qoZkuZ8sPidogEuRBqRTlVDN4p5X ubuadmin@eb8530w-ubu
diff --git a/roles/sudo_users/files/public_keys/urs.pub b/roles/sudo_users/files/public_keys/urs.pub
new file mode 100755
index 0000000..749050e
--- /dev/null
+++ b/roles/sudo_users/files/public_keys/urs.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46DVvFgI6VXhw0ZZZfZkGPxBM2hbX6jDpRDcAC56zyEH9wSnjXr8T07dhFdnvQfDF9CCNlbq9SNA/laR3WO4SMbwiVmCyzGIkJ1OHmty5FQu953yIfRy1W/DNdzV3Q9yUDMigq1h2i2yphhicYZiy9WsRO9vcp6OdMNVyBhCVFhb8lq0YLNFSqwOyVKyvuczlzD4JrF6quhOSAmoZYk/k3cyM7kADL1ZPm5rpx/gP9GsA9F9j/bGiKgInXoOQHbchnHjPv5vGXhwe56vNwbVgsXfxtOV7Scd+BIzQI+/+miuDO1nb8Fkw3r5ZrBRJ6R36x9d51hkVqpXt42fIJgSV myc_work
diff --git a/roles/sudo_users/handlers/main.yml b/roles/sudo_users/handlers/main.yml
new file mode 100644
index 0000000..b0cffed
--- /dev/null
+++ b/roles/sudo_users/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Ensure password change reminder present
+ copy:
+ src: PLEASE_CHANGE_YOUR_PASSWORD_ASAP
+ dest: "/home/{{ item }}"
+ owner: '{{ item }}'
+ with_items: '{{ sudo_users }}'
diff --git a/roles/sudo_users/tasks/main.yml b/roles/sudo_users/tasks/main.yml
new file mode 100755
index 0000000..a491c18
--- /dev/null
+++ b/roles/sudo_users/tasks/main.yml
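Review bot: The handler loops over the whole `sudo_users` list, so whenever the user task reports a change for any single account, the reminder is copied into every listed home again, including those of people who already changed their password and deleted the file. A handler is not told which loop item triggered it; consider `register: created_users` on the user task and a follow-up task with `loop: "{{ created_users.results }}"` and `when: item.changed`, using `item.item` as the user name (note that `changed` also covers modifications other than creation). The copy also sets no `mode` or `group`, so the file's permissions fall back to system defaults; `mode: '0600'` would make them explicit.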
@@ -0,0 +1,22 @@
+- name: Ensure allow_ssh-group exists
+ group:
+ name: allow_ssh
+ state: present
+
+- name: Ensure sudo users present
+ user:
+ name: "{{ item }}"
+ groups: sudo,allow_ssh
+ home: "/home/{{ item }}"
+ shell: /bin/bash
+ state: present
+ password: '{{ passwords[item] }}'
+ update_password: on_create
+ with_items: '{{ sudo_users }}'
+ notify: Ensure password change reminder present
+
+- name: Ensure public keys in authorized_keys
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ lookup('file', 'public_keys/' + item + '.pub') }}"
+ with_items: '{{ sudo_users }}'
diff --git a/roles/sudo_users/vars/main.yml b/roles/sudo_users/vars/main.yml
new file mode 100644
index 0000000..f37baea
--- /dev/null
+++ b/roles/sudo_users/vars/main.yml
@@ -0,0 +1,14 @@
+passwords:
+ andy: $1$34556rtg$KT1r9T2MGzpBUIS5iJ90N.
+ urs: $1$34556rtg$4K/6EKUB0GTMmzwAiClTU0
+ robert: $1$3qerxfkj$OkBu/4EsxpTYSh29BxUIc1
+ peter: $1$q35w04et$pMG6WRf33iPGKOEYVBLTV0
+ ewald: $1$4tsdghsl$oc0zuI3qUcg1G2pCmSxT5.
+ chris: $1$X8nguz3$JXZt4tGOLGgPLhF4nE5JU/
+
+# chris is a contractor from OOpen, who helps us with server management.
+
+# To add new entry generate hashed password with following command
+# and add a line with the username and the generated password hash:
+
+# openssl passwd -salt -1 ""
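Review bot: The "Ensure sudo users present" task puts every account into `sudo` with a preset password, and nothing forces a change at first login; the reminder file dropped by the handler is advisory only. Expiring the password when the account is created, for example a follow-up `command: chage -d 0 {{ item }}` limited to newly created users, would enforce the change. In the authorized_key task keys are only ever added: without `exclusive: true`, a key removed from `public_keys/<user>.pub` stays in that user's `authorized_keys` on hosts already provisioned, so revoking a contractor's key would need a manual step.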
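Review bot: The `passwords` map commits `$1$` (MD5-crypt) hashes in clear text, and the `andy` and `urs` entries share the salt `34556rtg`; anyone with read access to the repository can attempt offline guessing against hashes that guard sudo accounts. Keep the map in an Ansible Vault-encrypted file and generate SHA-512 crypt hashes instead. The documented command also looks damaged: `-salt` is followed directly by `-1` and the password argument is an empty string, so placeholders seem to have been lost. A comment such as `# openssl passwd -6   (prompts for the password, uses a random salt)` would avoid both the weak scheme and a password on the command line.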