- name: Create groups.
  hosts: all
  gather_facts: false
  become: true
  tasks:
  - name: Create sudoer group.
    ansible.builtin.group:
      name: sshman-sudoer
  - name: Set sudo permissions for sudoers.
    ansible.builtin.copy:
      validate: visudo -cf %s
      dest: /etc/sudoers.d/sshman-sudoer
      content: |
        %sshman-sudoer ALL=(ALL)  ALL
        Defaults:%sshman-sudoer rootpw
  - name: Create nopass group.
    ansible.builtin.group:
      name: sshman-nopass
  - name: Set sudo permissions for nopasss.
    ansible.builtin.copy:
      content: |
        %sshman-nopass ALL=(ALL) NOPASSWD: ALL
        Defaults:%sshman-nopass rootpw
      dest: /etc/sudoers.d/sshman-nopass
      validate: visudo -cf %s
- name: Create accounts for sudoerjoe.
  hosts: sydney:melbourne:&staging
  gather_facts: false
  become: true
  tasks:
  - name: Create sudoer account.
    ansible.builtin.user:
      group: sshman-sudoer
      groups: sshman-sudoer
      name: sudoerjoe
  - name: Remove sudoer account password.
    ansible.builtin.user:
      password: '*'
      name: sudoerjoe
- name: Create accounts for nopasspetey.
  hosts: melbourne
  gather_facts: false
  become: true
  tasks:
  - name: Create sudoer account.
    ansible.builtin.user:
      group: sshman-nopass
      groups: sshman-nopass
      name: nopasspetey
  - name: Remove sudoer account password.
    ansible.builtin.user:
      password: '*'
      name: nopasspetey
- name: Create accounts for superuser.
  hosts: '*'
  gather_facts: false
  become: true
  tasks:
  - name: Create root alias.
    ansible.builtin.user:
      group: root
      name: superuser
      uid: '0'
      groups: root
      non_unique: 'true'
  - name: Remove root alias password.
    ansible.builtin.user:
      password: '*'
      name: superuser
- name: Create accounts for igotfired.
  hosts: '*'
  gather_facts: false
  become: true
  tasks: []
- name: Authorize keys for sudoerjoe.
  hosts: sydney:melbourne:&staging
  gather_facts: false
  become: true
  tasks:
  - name: Authorize public key.
    ansible.posix.authorized_key:
      exclusive: 'true'
      user: sudoerjoe
      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILaoRJBFVuJpx4fZ6Gh4WAkiPT2MoMfUJlog6byttAKc sudoerjoe@mydesktop
      state: present
- name: Authorize keys for nopasspetey.
  hosts: melbourne
  gather_facts: false
  become: true
  tasks:
  - name: Authorize public key.
    ansible.posix.authorized_key:
      user: nopasspetey
      exclusive: 'true'
      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARL4yy4L4t/nzjMHyBjeJJeXjb4kncXYOtS+w9I4Wrj lkirkwood@lkirkwood-desktop
      state: present
- name: Authorize keys for superuser.
  hosts: '*'
  gather_facts: false
  become: true
  tasks:
  - name: Authorize public key.
    ansible.posix.authorized_key:
      state: present
      user: superuser
      exclusive: 'true'
      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YYRDSyInadd73js6DURXguj1/fV7Z8ovzUslda3mrPC5aFiXWY5ocMiUaN6zhVGVbt5VwC18Pmub2WrMBpbZ8FMdr1J10+pe2p0Z2vqszwgLZaemtorNqxgS25BEn3HS1gCFPhXgEf4Z2MDR0tReJoaPcp38LiV0hkOyPzYCdWC3KEDBRQKjuqjQSVx2iL5khEaouIWu2fkRngfZ1O5Z4WZT51iS5Gh6JnbeFZWDkft1rI1Dmh55qWeMyye+2A5irocwBi2DPEdH7H1Y4pRzG3/qjmys2f1KOABRhWMruiaFmEeS58p0IZYiUUcaYWN0Cm706viU2DmacnUfeWUIZ9PwaWg6i2NviPxsixV++vvbzdaBdb9e9g36clgyeRGdSGDGjH3j58L53kNDw8d4sKkHiu4uUip8OGLIuheWVCvpedCP+W9a/N08/unxI3iaX6hro6R5ScVcpFhlyhUnVFHy3x5FeckMo0jH2PA66nKjJJdlzlawpdnHz3ypeZc= superuser@company
- name: Authorize keys for igotfired.
  hosts: '*'
  gather_facts: false
  become: true
  tasks:
  - name: Authorize public key.
    ansible.posix.authorized_key:
      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICm2NWpW1qPtZneP6b5OQrW+KK1fLIaehS+j6c4A+YOF igotfired@nojob
      exclusive: 'true'
      state: absent
      user: igotfired
    ignore_errors: true