---
- name: "Adding authorized_keys for the default local user."
  shell: |
    sudo mkdir -p /home/{{BUILD_USERNAME}}/.ssh
    sudo tee /home/{{BUILD_USERNAME}}/.ssh/authorized_keys << EOF
    {{BUILD_SECRET}}
    EOF
    sudo chown -R {{BUILD_USERNAME}} /home/{{BUILD_USERNAME}}/.ssh
    sudo chmod 700 /home/{{BUILD_USERNAME}}/.ssh
    sudo chmod 644 /home/{{BUILD_USERNAME}}/.ssh/authorized_keys
- name: "Adding the default local user to passwordless sudoers."
  shell: |
    sudo bash -c "echo \"""{{BUILD_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers"
- name: "Creating a local user for Ansible."
  shell: |
    sudo groupadd {{ANSIBLE_USERNAME}}
    sudo useradd -g {{ANSIBLE_USERNAME}} -m -s /bin/bash {{ANSIBLE_USERNAME}}
    sudo usermod -aG sudo {{ANSIBLE_USERNAME}}
    echo {{ANSIBLE_USERNAME}}:"$(openssl rand -base64 14)" | sudo chpasswd
- name: "Adding authorized_keys to the local user for Ansible."
  shell: |
    sudo mkdir -p /home/{{ANSIBLE_USERNAME}}/.ssh
    sudo tee /home/{{ANSIBLE_USERNAME}}/.ssh/authorized_keys << EOF
    {{ANSIBLE_SECRET}}
    EOF
    sudo chown -R {{ANSIBLE_USERNAME}} /home/{{ANSIBLE_USERNAME}}/.ssh
    sudo chmod 700 /home/{{ANSIBLE_USERNAME}}/.ssh
    sudo chmod 644 /home/{{ANSIBLE_USERNAME}}/.ssh/authorized_keys
- name: "Adding the local user for Ansible to passwordless sudoers."
  shell: |
    sudo bash -c "echo \"""{{ANSIBLE_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers"