init

roles/setup_linux/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- include_tasks: system.yml
+- include_tasks: ssh.yml

roles/setup_linux/tasks/ssh.yml

@@ -0,0 +1,37 @@
+- name: Ensure ts-admin user exists
+  ansible.builtin.user:
+    name: ts-admin
+    shell: /bin/bash
+    state: present
+
+- name: Ensure .ssh directory exists for ts-admin
+  ansible.builtin.file:
+    path: /home/ts-admin/.ssh
+    state: directory
+    owner: ts-admin
+    group: ts-admin
+    mode: '0700'
+
+- name: Add authorized keys for ts-admin
+  ansible.builtin.authorized_key:
+    user: ts-admin
+    state: present
+    key: "{{ item }}"
+  loop: "{{ ssh_public_keys }}"
+  when: ssh_public_keys is defined
+
+- name: Ensure /etc/sudoers.d directory exists
+  ansible.builtin.file:
+    path: /etc/sudoers.d
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Allow ts-admin passwordless sudo
+  ansible.builtin.copy:
+    dest: /etc/sudoers.d/ts-admin
+    content: "ts-admin ALL=(ALL) NOPASSWD:ALL\n"
+    owner: root
+    group: root
+    mode: '0440'

roles/setup_linux/tasks/system.yml

@@ -0,0 +1 @@
+---