From 1542b0faf0cb596aadf80dbdaaa590e88d8fb6dc Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Tue, 7 Mar 2023 22:04:34 +0100
Subject: [PATCH 1/2] Use sudo instead of root
---
.gitignore | 1 +
Makefile | 10 ++++++++--
ansible.cfg => ansible.cfg.sample | 2 +-
deploy.sh | 2 +-
4 files changed, 11 insertions(+), 4 deletions(-)
rename ansible.cfg => ansible.cfg.sample (73%)
diff --git a/.gitignore b/.gitignore
index 6a544c3..b3fdcbd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ playbook.retry
*.log
.idea/
venv/
+/ansible.cfg
diff --git a/Makefile b/Makefile
index 4c47f67..812dfbe 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,10 @@
-init: create_venv install_pre_commit install_ansible_galaxy_modules
+init: create_ansible_cfg create_venv install_pre_commit install_ansible_galaxy_modules
+
+.ONESHELL:
+create_ansible_cfg:
+ read -rp "Enter remote username: " REMOTE_USER
+ cp ansible.cfg.sample ansible.cfg
+ sed -i "s/REMOTE_USER/$$REMOTE_USER/g" ansible.cfg
create_venv:
python3 -m venv venv
@@ -9,4 +15,4 @@ install_pre_commit:
venv/bin/pre-commit install
install_ansible_galaxy_modules:
- venv/bin/ansible-galaxy collection install community.general
\ No newline at end of file
+ venv/bin/ansible-galaxy collection install community.general
diff --git a/ansible.cfg b/ansible.cfg.sample
similarity index 73%
rename from ansible.cfg
rename to ansible.cfg.sample
index 42063be..3a0dcd2 100644
--- a/ansible.cfg
+++ b/ansible.cfg.sample
@@ -1,4 +1,4 @@
[defaults]
-remote_user = root
+remote_user = REMOTE_USER
inventory = datacoop_hosts
use_persistent_connections = True
diff --git a/deploy.sh b/deploy.sh
index 5777829..7f9ac10 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -8,7 +8,7 @@ usage () {
} >&2
}
-BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
+BASE_CMD="ansible-playbook playbook.yml --ask-become-pass --ask-vault-pass"
if [ "$1" = "--vagrant" ]; then
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
--
2.40.1
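Review bot: The username typed at the prompt in `create_ansible_cfg` is spliced unvalidated into the sed expression `s/REMOTE_USER/$$REMOTE_USER/g`, so an empty answer writes a blank `remote_user` and a value containing `/`, `&` or `\` changes what sed does to ansible.cfg. `read -rp` is also a bash feature while no `SHELL` assignment is visible in the hunk, and with `.ONESHELL:` (which applies to every recipe in the file, not only this one) a failed `read` or `cp` does not stop the recipe unless the shell runs with `-e`. I would pin bash with strict flags, reject anything that is not a plain login name, and generate the file in one step, as sketched below; the pattern may need widening for local naming rules. Lines 11-14 of the Makefile are outside the hunk, so a `SHELL` setting there cannot be ruled out.

```make
SHELL := bash
.SHELLFLAGS := -eu -o pipefail -c

.ONESHELL:
create_ansible_cfg:
	read -rp "Enter remote username: " REMOTE_USER
	# Accept only a conventional login name before it reaches sed.
	[[ "$$REMOTE_USER" =~ ^[a-z_][a-z0-9_-]*$$ ]] || { echo "invalid remote username" >&2; exit 1; }
	sed "s/REMOTE_USER/$$REMOTE_USER/g" ansible.cfg.sample > ansible.cfg
# … unchanged: create_venv and the remaining targets …
```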
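Review bot: `--ask-become-pass` on the new `BASE_CMD` line only collects the sudo password; nothing visible in this patch turns privilege escalation on now that `remote_user` is no longer root. Unless playbook.yml (not shown here) already sets `become: true`, tasks that need root would run as the unprivileged user and fail. Consider making it explicit in ansible.cfg.sample with a `[privilege_escalation]` section containing `become = True`, or confirm that the playbook sets it. The rest of deploy.sh lies outside the hunk.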
From 0fd11fee37d9f3136dde1b606c69b7372ffd6298 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Tue, 7 Mar 2023 22:05:01 +0100
Subject: [PATCH 2/2] Don't add SSH keys to root
---
roles/ubuntu_base/tasks/users.yml | 6 ------
1 file changed, 6 deletions(-)
diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/ubuntu_base/tasks/users.yml
index 8ef07b6..1a3f6fb 100644
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
@@ -15,9 +15,3 @@
key: "{{ item.ssh_keys | join('\n') }}"
exclusive: true
loop: "{{ users | default([]) }}"
-
-- name: "Add ssh authorized_keys to root user"
- ansible.posix.authorized_key:
- user: "root"
- key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
- exclusive: true
--
2.40.1