From df8eb83dc0ba5afa5c1a3d677750d5e3f07d24ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=B2=20P=2E?=
Date: Sun, 1 Mar 2026 20:14:00 +0100
Subject: [PATCH] Linting + bootstrap Ansible user
---
.gitignore | 2 +-
bootstrap/create_ansible_user.sh | 14 ++++++++++++++
bootstrap/id_ansible_lab.pub | 1 +
inventory/lab/inventory.yml | 9 +++++----
playbooks/webservers.yml | 4 +++-
roles/nginx/handlers/main.yml | 2 +-
roles/nginx/tasks/main.yml | 2 +-
7 files changed, 26 insertions(+), 8 deletions(-)
create mode 100755 bootstrap/create_ansible_user.sh
create mode 100644 bootstrap/id_ansible_lab.pub
diff --git a/.gitignore b/.gitignore
index 5a5d186..4e302a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-id_ansible_lab*
+id_ansible_lab
 *.sw*
 inventory/prod/*.y*ml
diff --git a/bootstrap/create_ansible_user.sh b/bootstrap/create_ansible_user.sh
new file mode 100755
index 0000000..041ba63
--- /dev/null
+++ b/bootstrap/create_ansible_user.sh
@@ -0,0 +1,14 @@
+#!/bin/env bash
+
+PUBKEY=./id_ansible.pub
+
+useradd ansible --create-home --shell /bin/bash
+# Ensure existing but unusable password (for Ubuntu)
+usermod -p '*' ansible
+mkdir /home/ansible/.ssh
+chown -R ansible:ansible /home/ansible/.ssh
+install -m 600 $PUBKEY /home/ansible/.ssh/authorized_keys
+chmod 700 /home/ansible/.ssh
+# Allow passwordless sudo
+echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
+
diff --git a/bootstrap/id_ansible_lab.pub b/bootstrap/id_ansible_lab.pub
new file mode 100644
index 0000000..8453a2f
--- /dev/null
+++ b/bootstrap/id_ansible_lab.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINRKrmDyGyAKcFGHWakIcbG9C2bLW+XaNdrD4ws6d+lw nicolo@Sidereus
diff --git a/inventory/lab/inventory.yml b/inventory/lab/inventory.yml
index c837742..1c10a3f 100644
--- a/inventory/lab/inventory.yml
+++ b/inventory/lab/inventory.yml
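Review bot: Narrowing `id_ansible_lab*` to `id_ansible_lab` in `.gitignore` ignores only that exact file name, so a copy or export of the private key under any other name (for example a constructed `id_ansible_lab.bak`) is no longer kept out of commits. Keeping the wildcard and un-ignoring only the public key gives the same result for the new `.pub` file with a wider safety net: `id_ansible_lab*` followed by `!id_ansible_lab.pub`.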
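Review bot: `PUBKEY=./id_ansible.pub` in `bootstrap/create_ansible_user.sh` does not match the file this commit adds (`bootstrap/id_ansible_lab.pub`) and is resolved against the caller's working directory; with no `set -e`, a failed `install` is still followed by the sudoers write. `install -m 600` runs after the `chown -R`, so `authorized_keys` ends up owned by whoever runs the script (presumably root), and since sshd normally reads that file with the target user's privileges, key login would likely fail; passing `-o ansible -g ansible` fixes that. The `NOPASSWD: ALL` rule is appended with `>>`, which duplicates it on every re-run, leaves the file mode to the umask, and skips a `visudo -cf` syntax check before the file becomes live. `#!/bin/env` resolves only where `/bin` carries `env`; `#!/usr/bin/env bash` is the portable form. Note that with `set -e` a re-run stops at `useradd` once the account exists, so guard that call if the script should be repeatable.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Resolve the key next to this script, using the file name the commit adds
PUBKEY="$(dirname "$0")/id_ansible_lab.pub"

# … unchanged: useradd, usermod -p '*' …
install -d -m 700 -o ansible -g ansible /home/ansible/.ssh
install -m 600 -o ansible -g ansible "$PUBKEY" /home/ansible/.ssh/authorized_keys

# Allow passwordless sudo: validate first, then install with a fixed owner and mode
tmp="$(mktemp)"
echo "ansible ALL=(ALL) NOPASSWD: ALL" > "$tmp"
visudo -cf "$tmp"
install -m 440 -o root -g root "$tmp" /etc/sudoers.d/ansible
rm -f "$tmp"
```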
@@ -1,17 +1,18 @@ +--- all: vars: ansible_user: nicolo ansible_ssh_private_key_file: ~/.ssh/id_ansible_lab children: - debian: + aton: hosts: debi13: ansible_host: 127.0.0.1 ansible_port: 2224 - ubuntu: - hosts: ubu24: ansible_host: 127.0.0.1 ansible_port: 2223 - + alma9: + ansible_host: 127.0.0.1 + ansible_port: 2222 diff --git a/playbooks/webservers.yml b/playbooks/webservers.yml index 7148011..50f35ad 100644 --- a/playbooks/webservers.yml +++ b/playbooks/webservers.yml @@ -1,5 +1,7 @@ +--- - name: Configure webserver with nginx - hosts: debian + hosts: + - aton become: true roles: diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml index 304fead..3ba7687 100644 --- a/roles/nginx/handlers/main.yml +++ b/roles/nginx/handlers/main.yml @@ -1,5 +1,5 @@ +--- - name: Restart nginx ansible.builtin.service: name: nginx state: restarted - diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 56d042e..667e1cf 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Ensure nginx is installed ansible.builtin.package: name: nginx @@ -12,4 +13,3 @@ group: root mode: '0644' notify: Restart nginx -
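Review bot: `ansible_user: nicolo` under `all.vars` in `inventory/lab/inventory.yml` is left unchanged even though this commit adds a bootstrap script that creates a dedicated `ansible` account for the lab key, so plays with `become: true` presumably still connect as the personal account. If the bootstrap user is meant to take over, switch the variable to `ansible_user: ansible`; if that is planned for a later commit, a short comment next to the variable would make the intent clear.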