From 47be3301e16cd801377b86c548fb4590eb032039 Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Sun, 31 Jan 2021 17:46:59 -0600
Subject: [PATCH] Add superuser, sudo group, and sudo group sudoers file.
---
 files/sudoers_ansible | 2 +-
 files/sudoers_sudo | 1 +
 local.yml | 2 ++
 tasks/groups.yml | 6 ++++++
 tasks/sudo.yml | 18 ++++++++++++++++++
 tasks/users.yml | 25 +++++++++++++++++--------
 6 files changed, 45 insertions(+), 9 deletions(-)
 create mode 100644 files/sudoers_sudo
 create mode 100644 tasks/groups.yml
 create mode 100644 tasks/sudo.yml
diff --git a/files/sudoers_ansible b/files/sudoers_ansible
index 9888393..1f118d2 100644
--- a/files/sudoers_ansible
+++ b/files/sudoers_ansible
@@ -1 +1 @@
-ansible ALL=(ALL) NOPASSWD: ALL
+ansible ALL=(ALL) NOPASSWD: ALL
\ No newline at end of file
diff --git a/files/sudoers_sudo b/files/sudoers_sudo
new file mode 100644
index 0000000..f72a4b2
--- /dev/null
+++ b/files/sudoers_sudo
@@ -0,0 +1 @@
+%sudo ALL=(ALL) ALL
\ No newline at end of file
diff --git a/local.yml b/local.yml
index 120589b..ab86bac 100644
--- a/local.yml
+++ b/local.yml
@@ -15,8 +15,10 @@ tasks:
 - include: tasks/packages.yml
+ - include: tasks/groups.yml
 - include: tasks/users.yml
 - include: tasks/cron.yml
+ - include: tasks/sudo.yml
 - include: tasks/harden.yml
 ignore_errors: yes
diff --git a/tasks/groups.yml b/tasks/groups.yml
new file mode 100644
index 0000000..09fbacd
--- /dev/null
+++ b/tasks/groups.yml
@@ -0,0 +1,6 @@
+---
+# Groups that do not come to all distros by default.
+
+- name: Ensure sudo group exists (Looking at you BSD!)
+ group:
+ name: sudo
diff --git a/tasks/sudo.yml b/tasks/sudo.yml
new file mode 100644
index 0000000..8777123
--- /dev/null
+++ b/tasks/sudo.yml
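Review bot: `files/sudoers_sudo` is added without a final newline, and the `files/sudoers_ansible` hunk above it strips the newline that file previously had. sudoers is parsed line by line, and I have not confirmed that every sudo version on the targeted distros accepts an unterminated last line, so ending both files with a newline is the safer form. A first-line comment such as `# Managed by Ansible: members of group sudo may run any command, password required` would also tell an admin what the rule grants and that the drop-in should not be edited by hand.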
@@ -0,0 +1,18 @@
+---
+# Ensure the proper users have sudo access.
+
+- name: Add Ansible Sudoers File
+ copy:
+ src: sudoers_ansible
+ dest: "{{ sudoers_install_dir }}"
+ owner: root
+ group: "{{ root_group }}"
+ mode: 0440
+
+- name: Add Sudo Group Sudoers File
+ copy:
+ src: sudoers_sudo
+ dest: "{{ sudoers_install_dir }}"
+ owner: root
+ group: "{{ root_group }}"
+ mode: 0440
\ No newline at end of file
diff --git a/tasks/users.yml b/tasks/users.yml
index 2401f6c..56c5600 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -1,14 +1,23 @@
 ---
+# Create users for both desktop and server machines.
-- name: Create Ansible User
+# Scheduler
+- name: Create User Ansible
 user:
 name: ansible
+ comment: Ansible
 system: yes
+
-- name: Add Ansible Sudoers File
- copy:
- src: sudoers_ansible
- dest: "{{ sudoers_install_dir }}"
- owner: root
- group: "{{ root_group }}"
- mode: 0440
+# Superuser
+- name: Create User Hyperling
+ user:
+ name: ling
+ comment: Hyperling
+ groups:
+ - sudo
+ append: yes
+ shell: /bin/bash
+ create_home: yes
+ skeleton: yes
+ generate_ssh_key: yes
\ No newline at end of file
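Review bot: Both `copy` tasks in `tasks/sudo.yml` install sudoers drop-ins with no syntax check, so a malformed file is written into `{{ sudoers_install_dir }}` as-is and can break sudo on the host. Add `validate: 'visudo -cf %s'` to each task (with the full path to visudo if it is not on PATH for the platform) so a bad file is rejected before it is put in place. `mode: 0440` is read as octal only because of the leading zero; `mode: '0440'` says the same thing without depending on YAML integer parsing. `dest` is a bare directory variable defined outside this diff, so it is worth confirming that the directory exists on every target before these tasks run.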
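Review bot: `generate_ssh_key: yes` on the `ling` account in `tasks/users.yml` writes a private key with no passphrase, since `ssh_key_passphrase` is not set, and this account is placed in the `sudo` group. Either drop key generation from the play or set `ssh_key_passphrase` from a vaulted variable. The task also sets no `password`, so as far as this hunk shows the `%sudo ALL=(ALL) ALL` rule cannot be used by `ling` until a password is set out of band; a comment saying so would keep a later change from reaching for NOPASSWD instead. As far as I know `skeleton` takes the path of a skeleton directory rather than a boolean, so `skeleton: yes` should probably be removed or written as `skeleton: /etc/skel`.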