feat: Create ansible user for use by pull mode

README.md

@@ -3,4 +3,3 @@
 A reboot of an old project from about 7 years ago,
 https://github.com/CraigJPerry/home-network - I lost access to that github
 account after an unfortunate mistake with 2FA :-)
-

local.yml

@@ -0,0 +1,19 @@
+---
+- hosts: all
+  tasks:
+    - group_by: key=user_{{ ansible_user_id }}
+      changed_when: False
+
+# Invoked as root user
+- hosts: user_root
+  gather_facts: no
+  sudo: no
+  roles:
+    - install_ansible_pull
+
+# Invoked as non-root user, requires sudo
+- hosts: "!user_root"
+  gather_facts: no
+  sudo: yes
+  roles:
+    - install_ansible_pull

roles/install_ansible_pull/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+
+# Install (or maintain) ansible pull mode
+
+- name: Create ansible user
+  user: state="present" name="ansible" system="yes" createhome="yes" generate_ssh_key="yes" comment="Ansible Configuration Management"
+
+- name: Add warning comment to ansible sudoers file
+  lineinfile: state="present" dest="/etc/sudoers.d/ansible" create="yes" insertbefore="BOF" regexp="^#" line="## Automatically Managed by Ansible, Manual Changes Will Be Lost!"
+
+- name: Disable requiretty restriction on ansible user
+  # NB: Full line in quotes due to : char, see ansible YAML disclaimer
+  lineinfile: 'state="present" dest="/etc/sudoers.d/ansible" create="yes" regexp="^Defaults" line="Defaults: ansible !requiretty"'
+
+- name: Allow ansible user full sudo privs
+  # NB: Full line in quotes due to : char, see ansible YAML disclaimer
+  lineinfile: 'state="present" dest="/etc/sudoers.d/ansible" create="yes" regexp="^ansible" line="ansible ALL=(ALL) NOPASSWD: ALL"'