Linting + bootstrap Ansible user

.gitignore

@@ -1,3 +1,3 @@
-id_ansible_lab*
+id_ansible_lab
 *.sw*
 inventory/prod/*.y*ml

bootstrap/create_ansible_user.sh

@@ -0,0 +1,14 @@
+#!/bin/env bash
+
+PUBKEY=./id_ansible.pub
+
+useradd ansible --create-home --shell /bin/bash
+# Ensure existing but unusable password (for Ubuntu)
+usermod -p '*' ansible
+mkdir /home/ansible/.ssh
+chown -R ansible:ansible /home/ansible/.ssh
+install -m 600 $PUBKEY /home/ansible/.ssh/authorized_keys
+chmod 700 /home/ansible/.ssh
+# Allow passwordless sudo
+echo "ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
+

bootstrap/id_ansible_lab.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINRKrmDyGyAKcFGHWakIcbG9C2bLW+XaNdrD4ws6d+lw nicolo@Sidereus

inventory/lab/inventory.yml

@@ -1,17 +1,18 @@
+---
 all:
   vars:
     ansible_user: nicolo
     ansible_ssh_private_key_file: ~/.ssh/id_ansible_lab
 
   children:
-    debian:
+    aton:
       hosts:
         debi13:
           ansible_host: 127.0.0.1
           ansible_port: 2224
-    ubuntu:
-      hosts:
         ubu24:
           ansible_host: 127.0.0.1
           ansible_port: 2223
-    
+        alma9:
+          ansible_host: 127.0.0.1
+          ansible_port: 2222

playbooks/webservers.yml

@@ -1,5 +1,7 @@
+---
 - name: Configure webserver with nginx
-  hosts: debian
+  hosts:
+    - aton
   become: true
 
   roles:

roles/nginx/handlers/main.yml

@@ -1,5 +1,5 @@
+---
 - name: Restart nginx
   ansible.builtin.service:
     name: nginx
     state: restarted
-

roles/nginx/tasks/main.yml

@@ -1,3 +1,4 @@
+---
 - name: Ensure nginx is installed
   ansible.builtin.package:
     name: nginx
@@ -12,4 +13,3 @@
     group: root
     mode: '0644'
   notify: Restart nginx
-