Diffstat (limited to 'roles/guest-configure')
-rw-r--r--roles/guest-configure/tasks/main.yml17
-rw-r--r--roles/guest-configure/tasks/packages.yml5
-rw-r--r--roles/guest-configure/tasks/services.yml6
-rw-r--r--roles/guest-configure/tasks/update.yml4
-rw-r--r--roles/guest-configure/tasks/user.yml52
-rw-r--r--roles/guest-configure/vars/main.yml6
6 files changed, 90 insertions, 0 deletions
diff --git a/roles/guest-configure/tasks/main.yml b/roles/guest-configure/tasks/main.yml
new file mode 100644
index 0000000..4e4b429
--- /dev/null
+++ b/roles/guest-configure/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Wait for guest connectivity
+ ansible.builtin.wait_for_connection:
+
+- name: Gather facts
+ ansible.builtin.setup:
+
+- name: Import user creation task
+ ansible.builtin.import_tasks: user.yml
+
+- name: Import update task
+ ansible.builtin.import_tasks: update.yml
+
+- name: Import packages task
+ ansible.builtin.import_tasks: packages.yml
+
+- name: Import services task
+ ansible.builtin.import_tasks: services.yml
diff --git a/roles/guest-configure/tasks/packages.yml b/roles/guest-configure/tasks/packages.yml
new file mode 100644
index 0000000..cffd690
--- /dev/null
+++ b/roles/guest-configure/tasks/packages.yml
@@ -0,0 +1,5 @@
+- name: Install packages
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ guest_configure_packages }}"
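Review bot: The `loop` over `guest_configure_packages` runs one package-manager transaction per item, which is slower and can leave a guest half-provisioned if a later item fails. The package modules accept a list, so the task can drop the loop and use `name: "{{ guest_configure_packages }}"`. The list comes from the unprefixed `packages` variable with no default in this commit, so an undefined or non-list value only surfaces here at run time.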
diff --git a/roles/guest-configure/tasks/services.yml b/roles/guest-configure/tasks/services.yml
new file mode 100644
index 0000000..56a5626
--- /dev/null
+++ b/roles/guest-configure/tasks/services.yml
@@ -0,0 +1,6 @@
+- name: Enable and start services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ loop: "{{ guest_configure_services }}"
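Review bot: `enabled: yes` relies on YAML 1.1 truthy parsing; write it as `enabled: true`, which is what ansible-lint's truthy rule expects. The same spelling appears in user.yml for `append: yes` (twice) and `remote_src: yes`.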
diff --git a/roles/guest-configure/tasks/update.yml b/roles/guest-configure/tasks/update.yml
new file mode 100644
index 0000000..f74b190
--- /dev/null
+++ b/roles/guest-configure/tasks/update.yml
@@ -0,0 +1,4 @@
+- name: Update all packages
+ ansible.builtin.package:
+ name: "*"
+ state: latest
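Review bot: Nothing in this task or in the task order shown in main.yml refreshes the package index before the upgrade. On a Debian-family guest with stale or empty lists, the task can therefore report success while security updates stay unapplied. Adding `update_cache: true` here would close that gap, since `ansible.builtin.package` passes it through to the apt and dnf modules. The commit also shows no reboot or service-restart handling, so kernel and library fixes installed here presumably do not take effect until something else restarts the guest. `state: latest` on `"*"` is also not idempotent, so if this role is re-run on long-lived guests a comment saying that is intended would help.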
diff --git a/roles/guest-configure/tasks/user.yml b/roles/guest-configure/tasks/user.yml
new file mode 100644
index 0000000..c0e418b
--- /dev/null
+++ b/roles/guest-configure/tasks/user.yml
@@ -0,0 +1,52 @@
+- name: Create user
+ ansible.builtin.user:
+ name: "{{ guest_configure_user }}"
+
+- name: RedHat block
+ block:
+ - name: Add user to sudo group (RedHat)
+ ansible.builtin.user:
+ name: "{{ guest_configure_user }}"
+ groups: "wheel"
+ append: yes
+
+ - name: Allow wheel group nopasswd in sudoers (RedHat)
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+ when: ansible_os_family == "RedHat"
+
+- name: Debian block
+ block:
+ - name: Add user to sudo group (Debian)
+ ansible.builtin.user:
+ name: "{{ guest_configure_user }}"
+ groups: "sudo"
+ append: yes
+
+ - name: Allow sudo group nopasswd in sudoers (Debian)
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+ when: ansible_os_family == "Debian"
+
+- name: Create user .ssh folder
+ ansible.builtin.file:
+ path: "/home/{{ guest_configure_user }}/.ssh/"
+ state: directory
+ mode: "0700"
+ owner: "{{ guest_configure_user }}"
+
+- name: Copy root ssh authorized_keys key to new user
+ ansible.builtin.copy:
+ src: "/root/.ssh/authorized_keys"
+ dest: "/home/{{ guest_configure_user }}/.ssh/authorized_keys"
+ remote_src: yes
+ mode: "0600"
+ owner: "{{ guest_configure_user }}"
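Review bot: Both `lineinfile` tasks rewrite the group rule in `/etc/sudoers` to `NOPASSWD: ALL`, so every current and future member of `wheel` or `sudo` gets passwordless root, not only `guest_configure_user`. Scoping the rule to that one user in a drop-in under `/etc/sudoers.d` leaves the distribution's group policy untouched and is easier to audit and revert. The sketch below assumes the stock `includedir` line is present, and it uses a fixed file name because sudo skips drop-ins whose names contain a dot. The two `lineinfile` tasks are also the only ones without the `ansible.builtin.` prefix, and `validate` should call `/usr/sbin/visudo` by absolute path. Because the last task copies root's `authorized_keys`, every key trusted for root also reaches this passwordless-sudo account, which deserves a comment in the file.

```yaml
# … unchanged: "Create user" task …

# Replaces both lineinfile edits of /etc/sudoers in the RedHat and Debian blocks.
- name: Allow passwordless sudo for the configured user only
  ansible.builtin.copy:
    dest: /etc/sudoers.d/90-guest-configure
    content: "{{ guest_configure_user }} ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

# … unchanged: .ssh directory and authorized_keys tasks …
```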
diff --git a/roles/guest-configure/vars/main.yml b/roles/guest-configure/vars/main.yml
new file mode 100644
index 0000000..10881fb
--- /dev/null
+++ b/roles/guest-configure/vars/main.yml
@@ -0,0 +1,6 @@
+ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+ansible_user: root
+
+guest_configure_user: "{{ user }}"
+guest_configure_packages: "{{ packages }}"
+guest_configure_services: "{{ services }}"
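Review bot: `ansible_ssh_common_args` turns off host key verification (`StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`) for a session that logs in as root, so nothing authenticates the guest before root-level tasks run against it. If the guests are freshly created and their keys cannot be pre-seeded, `-o StrictHostKeyChecking=accept-new` with a dedicated `UserKnownHostsFile` at least pins the key after first contact. Both connection variables are set in role `vars/`, which takes precedence over inventory variables, so they would be better placed in inventory or group vars for the guest hosts. The three `guest_configure_*` values are read from the generic names `user`, `packages` and `services`, which are easy to collide with elsewhere and have no defaults in this commit.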