From 8f15bf4f2bfc96fecbdc34ce0d8677779058e0a9 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Tue, 16 Jun 2020 10:04:54 -0500
Subject: [PATCH] Make some tweaks, actually add our Ansible user

---
 localhost-deploy.sh                   | 7 ++++---
 roles/common/tasks/ansibleuser.yml    | 7 +++++++
 roles/common/templates/90-ansible.cfg | 3 +++
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 roles/common/templates/90-ansible.cfg

diff --git a/localhost-deploy.sh b/localhost-deploy.sh
index 7f4b4b3..9bb9d6f 100755
--- a/localhost-deploy.sh
+++ b/localhost-deploy.sh
@@ -1,6 +1,7 @@
-#! /bin/sh
+#! /bin/bash
 #
-# deploy.sh
+# localhost-deploy.sh
+# Deploys configs for local machine and only local machine
 # Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
 #
 # Distributed under terms of the MIT license.
@@ -11,5 +12,5 @@ if ! command -v ansible > /dev/null 2>&1; then
 	sudo apt-get install python3-pip python3-setuptools -y
 	sudo pip3 install ansible
 fi
-ansible-playbook home.yml --ask-vault-pass --ask-become-pass "$@"
+ansible-playbook site.yml -l "$HOSTNAME" -e "ansible_user=$USER" --ask-become-pass --ask-vault-pass "$@"
 
diff --git a/roles/common/tasks/ansibleuser.yml b/roles/common/tasks/ansibleuser.yml
index abf52ab..8282f14 100644
--- a/roles/common/tasks/ansibleuser.yml
+++ b/roles/common/tasks/ansibleuser.yml
@@ -8,8 +8,15 @@
         groups: sudo
         password_lock: yes
         system: yes
+      become: yes
     - name: Add Ansible key to user
       authorized_key:
         user: ansible
         manage_dir: yes
         key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8pjK7Z6V9IjxRtLB9Xwt5Rujj0iMQqOVExRkmkIzjEcblV/cqtwx4fOijoN9eQlmrjQg05rBWoHJoUiLH5LimU2HPQt9vSDSt/tTXNafhvi3St3nz+GA9yCwAkJfvz2QL/vnU7sfveYC2xmWZC0xjcG4bl8pL2GJgfyh4OnfS9vNRTpn1kAJ/Fl4vRLtRaFx1WzF3/RJUOkesYLegawSRJsaIamJFI5YxHe5VeTnFefVtssgbGrOj19uRDIZkBW/5uWsnNPVwbGUT089qioS11QFJaVOQCgU/E+4lxCHlRfLQ+gnXvaQV3j0JFk/I1bZNlCcNLHc0ZasXIqV+BUaR4au35QkDBjh38DCxesZ775tudXUp7KP6OHCC9i9ncIkum3mE+4K+0KAlS0oevUQdfguXkRQ6q3vydxEgWbBOx3jHi7i5AwvOnJqZRmUnfFp0qfhGfcS2pLEZhUcd0bOM6qAyK1XD5XRzXoVLS9bdHNUwCaIWie0tOYMLLmNooTU= ansible"
+    - name: Add Ansible user sudoers rule
+      template:
+        src: 90-ansible.cfg
+        dest: "/etc/sudoers.d/90-ansible.cfg
+        mode: "0440"
+      become: yes
diff --git a/roles/common/templates/90-ansible.cfg b/roles/common/templates/90-ansible.cfg
new file mode 100644
index 0000000..809567b
--- /dev/null
+++ b/roles/common/templates/90-ansible.cfg
@@ -0,0 +1,3 @@
+# Managed by Ansible
+
+ansible ALL=(ALL) NOPASSWD:ALL