Diffstat (limited to 'ansible')
-rw-r--r--ansible/.gitattributes1
-rw-r--r--ansible/playbook.yml1
-rw-r--r--ansible/roles/pydis-users/defaults/main.yml2
-rw-r--r--ansible/roles/pydis-users/tasks/main.yml27
-rw-r--r--ansible/roles/pydis-users/vars/main.ymlbin0 -> 1011 bytes
5 files changed, 31 insertions, 0 deletions
diff --git a/ansible/.gitattributes b/ansible/.gitattributes
new file mode 100644
index 0000000..923ae1a
--- /dev/null
+++ b/ansible/.gitattributes
@@ -0,0 +1 @@
+roles/pydis-users/vars/main.yml filter=git-crypt diff=git-crypt
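Review bot: The attribute on the single added line matches exactly one path, so any other file in this tree that later holds credentials is committed in plaintext unless it gets its own line here. The filter also depends on each contributor's clone having git-crypt configured; a clone without it will likely treat the filter as a no-op and could commit this file unencrypted. A comment above the pattern such as `# encrypted with git-crypt: unlock before editing, never commit from a clone without git-crypt set up` would document that. A CI step that fails when the file is not encrypted (for example by checking `git-crypt status` output) would enforce it.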
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 2ada9c6..7881bf4 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -2,6 +2,7 @@
hosts: all
roles:
- common
+ - pydis-users
- ufw
- prometheus-node-exporter
- wireguard
diff --git a/ansible/roles/pydis-users/defaults/main.yml b/ansible/roles/pydis-users/defaults/main.yml
new file mode 100644
index 0000000..4170b63
--- /dev/null
+++ b/ansible/roles/pydis-users/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+pydis_users__users: []
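Review bot: The default `pydis_users__users: []` is a list, but both tasks in `tasks/main.yml` pass the variable through `dict2items`, which expects a mapping and fails on a list. Make the default `pydis_users__users: {}` so the role is a clean no-op when no users are defined. A short comment listing the per-user keys the tasks read (`groups`, `hashed_password`, `ssh_key`, `ssh_key_options`) would also help, since the only populated example lives in the encrypted vars file.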
diff --git a/ansible/roles/pydis-users/tasks/main.yml b/ansible/roles/pydis-users/tasks/main.yml
new file mode 100644
index 0000000..8378af8
--- /dev/null
+++ b/ansible/roles/pydis-users/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Create users
+ ansible.builtin.user:
+ name: "{{ item.key }}"
+ groups: "{{ item.value.groups | default(omit) }}"
+ password: "{{ item.value.hashed_password | default(omit) }}"
+ shell: /bin/bash
+ state: present
+ loop_control:
+ label: "{{ item.key }}"
+ loop: "{{ pydis_users__users | dict2items }}"
+ tags:
+ - role::pydis-users
+
+- name: Manage authorized keys
+ ansible.posix.authorized_key:
+ comment: Ansible managed
+ exclusive: true
+ key: "{{ item.value.ssh_key }}"
+ key_options: "{{ item.value.ssh_key_options | default(omit) }}"
+ user: "{{ item.key }}"
+ state: present
+ loop_control:
+ label: "{{ item.key }}"
+ loop: "{{ pydis_users__users | dict2items }}"
+ tags:
+ - role::pydis-users
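Review bot: Both tasks loop over `pydis_users__users | dict2items`, so every loop item carries `hashed_password`, yet neither task sets `no_log`. `loop_control.label` only shortens the per-item line in normal output; at higher verbosity or on failure the result can still include the full item, so add `no_log: true` at task level on `Create users` and `Manage authorized keys`. Separately, both tasks only use `state: present`, so an entry deleted from the dict leaves the account and its authorized key on every host. A companion list of removed users applied with `state: absent` would close that offboarding gap.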
diff --git a/ansible/roles/pydis-users/vars/main.yml b/ansible/roles/pydis-users/vars/main.yml
new file mode 100644
index 0000000..ef918e6
--- /dev/null
+++ b/ansible/roles/pydis-users/vars/main.yml
Binary files differ