computer-playbook/roles/user-administrator/tasks/01_core.yml

- name: Include dependency 'sys-sudo'
  include_role:
    name: sys-sudo
  when: run_once_sys_sudo is not defined

- name: create administrator
  user:
    name: administrator
    update_password: on_create
    password: "{{ users.administrator.password | password_hash('sha512') }}"
    create_home: yes
    generate_ssh_key: yes
    ssh_key_type: rsa
    ssh_key_bits: 8192
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"  

- name: "set correct rights for {{ PATH_ADMINISTRATOR_HOME }}"
  file:
    path: "{{ PATH_ADMINISTRATOR_HOME }}"
    state: directory
    owner: administrator
    group: administrator
    mode: 0700

- name: "create {{ PATH_ADMINISTRATOR_SCRIPTS }}"
  file:
    path: "{{ PATH_ADMINISTRATOR_HOME }}scripts"
    state: directory
    owner: administrator
    group: administrator
    mode: 0700

- name: create {{ PATH_ADMINISTRATOR_HOME }}.ssh/authorized_keys
  copy:
    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{ PATH_ADMINISTRATOR_HOME }}.ssh/authorized_keys"
    dest: "{{ PATH_ADMINISTRATOR_HOME }}.ssh/authorized_keys"
    owner: administrator
    group: administrator
    mode: '0644'

- name: grant administrator sudo rights with password
  copy:
    src: "administrator"
    dest: /etc/sudoers.d/administrator
    mode: '0644'
    owner: root
    group: root
  notify: sshd restart

- name: "embed user routines for {{ role_path | basename }}"
  include_role:
    name: user
  vars:
    user_name: "administrator"