# HG changeset patch
# User Luke Hoersten
# Date 1581804913 21600
# Node ID 524cf40846b361b48b6b376dd5efc247f852d306
# Parent e58af497ee2fd77b5b0e6e7aaac2a8fa593e5012
Added better use for admin user.

diff -r e58af497ee2f -r 524cf40846b3 rpi-base/tasks/main.yml
--- a/rpi-base/tasks/main.yml Sat Feb 15 14:30:44 2020 -0600
+++ b/rpi-base/tasks/main.yml Sat Feb 15 16:15:13 2020 -0600
@@ -37,6 +37,32 @@
 become: yes
 copy: src="jail.local" dest="/etc/fail2ban/jail.local"
 
+- name: add users
+ become: yes
+ user:
+ name: "{{admin_user_name}}"
+ password: "{{admin_user_password}}"
+ groups: "sudo,users"
+ append: yes
+
 - name: authorize admin ssh keys
 become: yes
+ authorized_key: user="{{admin_user_name}}" key="https://github.com/{{github_user}}.keys"
+
+- name: authorize pi ssh keys
+ become: yes
 authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
+
+- name: nopasswd sudo for admin user
+ become: yes
+ template:
+ src: "010_admin-nopasswd"
+ dest: "/etc/sudoers.d/010_admin-nopasswd"
+
+- name: disable ssh password login
+ become: yes
+ lineinfile:
+ path: "/etc/ssh/sshd_config"
+ regexp: "^PasswordAuthentication"
+ insertafter: "^#PasswordAuthentication"
+ line: "PasswordAuthentication no"
diff -r e58af497ee2f -r 524cf40846b3 rpi-base/templates/010_admin-nopasswd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/templates/010_admin-nopasswd Sat Feb 15 16:15:13 2020 -0600
@@ -0,0 +1,1 @@
+{{admin_user_name}} ALL=(ALL) NOPASSWD: ALL
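Review bot: The `nopasswd sudo for admin user` task writes into `/etc/sudoers.d` with no `validate` and no explicit mode, so a bad render of the template can leave sudo unusable on the host; adding `mode: "0440"` and `validate: "visudo -cf %s"` under `template:` makes Ansible check the file before it is put in place. The `disable ssh password login` task has the same gap: `validate: "/usr/sbin/sshd -t -f %s"` would check the edited config, and nothing visible in this hunk notifies a handler to restart sshd, so `PasswordAuthentication no` may not apply until the daemon is next restarted (a handler may exist outside the hunk). In `add users`, the `user` module's `password` expects an already-hashed value, so if `admin_user_password` holds plaintext the account gets an unusable hash; either document that the variable must be a crypt hash or apply `password_hash('sha512')` to it.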
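Review bot: Passwordless `ALL=(ALL)` sudo leaves the admin account's SSH key as the only barrier to root, and the same commit authorizes that account's keys from `https://github.com/{{github_user}}.keys`, so whoever controls that GitHub account's key list effectively controls root on every host this role is applied to. The file has no comment recording that this is intentional; a first line such as `# Managed by Ansible (rpi-base): passwordless sudo for the admin account, access gated by SSH keys only` would document the trade-off for whoever audits `/etc/sudoers.d` later. Since the role already sets a password for this account, keeping the sudo password prompt for interactive use is an option if passwordless escalation is not strictly needed.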