====== VM configuration ======

Base playbook applied to every host in the inventory: it rebuilds ''/etc/hosts'' from a fixed list, creates the ''suporte'' user with an SSH public key and passwordless sudo, and disables SSH password authentication.

<code yaml vms-config.yaml>
---
- name: MVs config base
  hosts: all
  tasks:
    # Probe: lineinfile adds the ansible-server entry if it is missing, so
    # "changed" means this host's /etc/hosts has not been managed by the play yet.
    - name: Testing entries in the /etc/hosts file
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: "10.240.0.200 ansible-server.juntotelecom.com.br ansible-server"
      register: etc_hosts_result

    # First run only: empty the file so it is rebuilt from the list below.
    - name: Clear file /etc/hosts
      when: etc_hosts_result is changed
      ansible.builtin.shell: echo '' > /etc/hosts
      register: etc_hosts_clear
      tags: hosts

    # "succeeded" is also true when the clear task was skipped, so this task runs
    # on every play; lineinfile is idempotent, so entries are never duplicated.
    - name: Config file /etc/hosts
      when: etc_hosts_clear is succeeded
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: "{{ item.ip }} {{ item.fqdn }} {{ item.alias }}"
      with_items:
        - { ip: '127.0.0.1', fqdn: 'localhost.localdomain', alias: 'localhost' }
        - { ip: '10.240.0.200', fqdn: 'ansible-server.juntotelecom.com.br', alias: 'ansible-server' }
        - { ip: '10.240.0.201', fqdn: 'ub-vm-01.juntotelecom.com.br', alias: 'ub-vm-01' }
        - { ip: '10.240.0.202', fqdn: 'ol-vm-02.juntotelecom.com.br', alias: 'ol-vm-02' }
        - { ip: '10.240.0.203', fqdn: 'de-vm-03.juntotelecom.com.br', alias: 'de-vm-03' }

    # "password" takes an already-hashed value (a crypt(3) string). The $1$ prefix
    # means MD5-crypt, which is obsolete; the password_hash('sha512') filter
    # produces a current hash. SSH password logins are disabled further down anyway.
    - name: Add User
      ansible.builtin.user:
        name: suporte
        comment: "Suporte JuntoTelecom"
        shell: /bin/bash
        password: $1$Jd0cyBxz$NMyEIiuVgXCsO2WFCcRvU0

    # Modes are quoted so YAML cannot reinterpret the octal literals.
    - name: Create .ssh for the new user
      ansible.builtin.file:
        mode: '0700'
        owner: suporte
        group: suporte
        path: /home/suporte/.ssh
        state: directory

    # The public key is read from the control node and written as authorized_keys.
    - name: Copy authorized_keys to new user's .ssh folder
      ansible.builtin.copy:
        src: /etc/keys/sshkey.pub
        dest: /home/suporte/.ssh/authorized_keys
        owner: suporte
        group: suporte
        mode: '0644'

    # Drop-in sudoers file; visudo -c validates the temporary file before it is
    # installed, so a syntax error cannot lock sudo on the host.
    - name: Add user to sudo
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/suporte
        line: 'suporte ALL=(ALL) NOPASSWD: ALL'
        mode: '0440'
        create: yes
        validate: /usr/sbin/visudo -cf %s

    # The regexp only matches an uncommented directive at column 0; if the stock
    # file has only the commented "#PasswordAuthentication yes", the line is appended.
    - name: Disable password login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^PasswordAuthentication"
        line: "PasswordAuthentication no"

    - name: SSH restart
      ansible.builtin.service:
        name: sshd
        state: restarted
</code>

Syntax check of the playbook:

<code bash>
$ sudo ansible-playbook --syntax-check vms-config.yaml

playbook: vms-config.yaml
</code>

Checking that the user exists on the Debian host and on the Oracle Linux host (the latter needs the Python interpreter set explicitly):

<code bash>
$ sudo ansible debian -m shell -a "getent passwd | egrep suporte"
de-vm-03 | CHANGED | rc=0 >>
suporte:x:1001:1001:Suporte JuntoTelecom:/home/suporte:/bin/bash

$ sudo ansible oracle -m shell -e 'ansible_python_interpreter=/usr/bin/python3.9' -a "getent passwd | egrep suporte"
ol-vm-02 | CHANGED | rc=0 >>
suporte:x:1001:1001:Suporte JuntoTelecom:/home/suporte:/bin/bash
</code>

===== References =====

  - [[https://www.nathancurry.com/blog/23-hardening-ssh-with-ansible/|Hardening SSH With Ansible]]
  - [[https://gist.github.com/xsleonard/b1c1cd5e46cbd3fb13ea559eec6068f7|Ansible role to create a new user and disable root]]
  - [[https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html|ansible.builtin.copy module – Copy files to remote locations]]
  - [[https://adamtheautomator.com/ansible-create-user/|How to Use Ansible Create User Functionality in Linux]]
  - [[https://blaszkowski.com/2018/09/02/ansible-add-user-to-sudo|Ansible – add user to sudo]]
  - [[https://dev.to/project42/parallel-provisioning-with-vagrant-and-ansible-lgc|Parallel Provisioning with Vagrant and Ansible]]
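The "Disable password login" task appends ''PasswordAuthentication no'' to the end of ''sshd_config'' whenever the stock directive is commented out. sshd applies the first value it meets for a keyword and expands ''Include'' at the point where the directive appears, so an appended line never overrides an earlier directive or an earlier Include. The script below is an added example, not part of the original page or of the playbook: it reproduces that first-match resolution over three constructed ''sshd_config'' fixtures written to a temporary directory (paths, file names and directive values are all made up here), so the effect of the appended line can be seen offline.

```shell
#!/bin/sh
# Added example (not from the original wiki page). Resolves the effective
# PasswordAuthentication value the way sshd does: first occurrence wins,
# "Include" is expanded in place, processing stops at the first "Match"
# block. All sshd_config files used below are constructed fixtures.
set -eu

# Print the effective PasswordAuthentication value for CONFIG_FILE; falls
# back to sshd's compiled-in default "yes" when no directive is found.
effective_password_auth() {
    _found=$(_first_password_auth "$1" || true)
    if [ -n "$_found" ]; then printf '%s\n' "$_found"; else echo yes; fi
}

# Helper: print the first PasswordAuthentication value in FILE and its
# Includes (depth-first, glob results in sorted order). Exit status 0 when
# found, 1 otherwise. Include paths are used verbatim, so the fixtures use
# absolute paths (real sshd resolves relative ones against /etc/ssh).
_first_password_auth() {
    while IFS= read -r _line || [ -n "$_line" ]; do
        _keyword=$(printf '%s\n' "$_line" | awk '{print tolower($1)}')
        _rest=$(printf '%s\n' "$_line" | awk '{$1=""; sub(/^[ \t]+/, ""); print}')
        case "$_keyword" in
            ''|'#'*) continue ;;          # blank line or comment
            match) return 1 ;;            # end of the global section
            passwordauthentication)
                printf '%s\n' "$_rest" | tr '[:upper:]' '[:lower:]'
                return 0 ;;
            include)
                # unquoted expansion performs the glob, like sshd does
                for _f in $_rest; do
                    [ -f "$_f" ] || continue
                    if _first_password_auth "$_f"; then return 0; fi
                done ;;
        esac
    done < "$1"
    return 1
}

FIX=$(mktemp -d)

# Fixture 1 (constructed): stock directive commented out, so the playbook's
# lineinfile appended the hardened line at the end. The appended line wins.
mkdir -p "$FIX/debian"
printf '%s\n' \
    'Port 22' \
    '#PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$FIX/debian/sshd_config"

# Fixture 2 (constructed): sshd_config starts with an Include of a drop-in
# directory, and a drop-in enables password logins. The appended line is
# read too late to have any effect.
mkdir -p "$FIX/dropin/sshd_config.d"
printf '%s\n' 'PasswordAuthentication yes' > "$FIX/dropin/sshd_config.d/50-cloud-init.conf"
printf '%s\n' \
    "Include $FIX/dropin/sshd_config.d/*.conf" \
    '#PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$FIX/dropin/sshd_config"

# Fixture 3 (constructed): same layout, hardened by a drop-in whose name
# sorts before the permissive one, so it is read first.
mkdir -p "$FIX/fixed/sshd_config.d"
cp "$FIX/dropin/sshd_config.d/50-cloud-init.conf" "$FIX/fixed/sshd_config.d/"
printf '%s\n' 'PasswordAuthentication no' > "$FIX/fixed/sshd_config.d/00-hardening.conf"
printf '%s\n' "Include $FIX/fixed/sshd_config.d/*.conf" > "$FIX/fixed/sshd_config"

# Fixture 4 (constructed): no directive at all, so the default applies.
: > "$FIX/empty_sshd_config"

for _host in debian dropin fixed; do
    printf '%-7s effective PasswordAuthentication = %s\n' \
        "$_host" "$(effective_password_auth "$FIX/$_host/sshd_config")"
done
```

On a real host the authoritative check is ''sshd -T | grep -i passwordauthentication'', which prints the value sshd will actually apply after all Includes and Match blocks; running it after the play confirms the hardening took effect regardless of how the file is laid out. A ''validate: /usr/sbin/sshd -t -f %s'' option on the lineinfile task would additionally refuse to install a syntactically broken ''sshd_config'' before the service is restarted.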