Merged client playbook and server playbook

roles/server_native-user-administrator/Readme.md

@@ -0,0 +1,6 @@
+# Role Administrator
+This role creates an standard administrator user.
+This user needs to type in his password before executing sudo.
+For security reasons it's recommended to use this user instead of the standard root user.
+This user should not be used to login to other systems. It's just there to let administration tasks run.
+For this reason no ssh-keys are generated.

roles/server_native-user-administrator/files/administrator

@@ -0,0 +1 @@
+administrator ALL=(ALL) ALL

roles/server_native-user-administrator/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- native-sudo

roles/server_native-user-administrator/tasks/main.yml

@@ -0,0 +1,42 @@
+- name: create administrator
+  user:
+    name: administrator
+    update_password: on_create
+    password: "{{ user_administrator_initial_password | password_hash('sha512') }}"
+    create_home: yes
+    generate_ssh_key: yes
+    ssh_key_type: rsa
+    ssh_key_bits: 8192
+
+- name: create /home/administrator/.ssh/authorized_keys
+  copy:
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/administrator/.ssh/authorized_keys"
+    dest: /home/administrator/.ssh/authorized_keys
+    owner: administrator
+    group: administrator
+    mode: '0644'
+
+- name: grant administrator sudo rights with password
+  copy:
+    src: "administrator"
+    dest: /etc/sudoers.d/administrator
+    mode: '0644'
+    owner: root
+    group: root
+  notify: sshd restart
+
+- name: "create /home/administrator/scripts/"
+  file:
+    path: "/home/administrator/scripts"
+    state: directory
+    owner: administrator
+    group: administrator
+    mode: 0700
+
+- name: "create /home/administrator/volumes/"
+  file:
+    path: "/home/administrator/volumes"
+    state: directory
+    owner: administrator
+    group: administrator
+    mode: 0700