#!/bin/sh

export DEBCONF_FRONTEND=noninteractive
apt-get install -y sudo

USER=ansible
echo "Adding $USER user and installing SSH key"

HOME=/var/lib/$USER
adduser --home $HOME --shell /bin/sh \
  --uid 999 --gid 65534 --disabled-password \
  --gecos 'Remote control with ansible' $USER

install -d -m 700 -o $USER -g nogroup $HOME/.ssh
cat <<_eof > $HOME/.ssh/authorized_keys
no-agent-forwarding,no-port-forwarding,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGUrO3VGYap3uyphcExiA4VXjXzwyiqXA4kD3o3uLi45Lw9TFCefwa815R4JkRhaGs/4pqy4Bqcmb6kbEOEaTS6xidedQOcuHIxk6nZfDAhGm95rmx1kSxgLIBYJn0RPFvdRiFuoGC07tn4FRQ/seiTVbbTtgy7Wrb3XqFMPhBp1EFfe0ASZdEUJ/EfZl/a72y/57DTflL6RzPIWF6t0z5URURSm3caC4Uxpvx3FK37xzXOd0il7ikv1UeC5pMopwR74zb9SfFiPVEcOK64jq8xnS7ugTOrlb+H5JwchOO88eUTD1pd72+4a7XkeHzneXT8mNROQJZUU1vxoJpZXFziL0uCtnR9QVt+/mE4q3MiYjq5YYOXYCJ0vKIDKVAkxv3U71N8WpnasLmC5mal7juuj8tHXqQJc8bNt7ZxoSRESwRjhIXmoIxdkso862KTM7FL5SKPGDwE8ifog4OU3PcI8C5dfTY1vMa7mZszsO3sK1+gpiJBUlWu0nv9Q2qB3KDPoKA/VnPGBitQSIMbFgDfUs/JXJ35q4ynxO/h0NqCPGXx1bECc6meepND99qo301kYPxYLY4FVeFMVJbcdS/kn0YxbMikaRmr3SqxaRUb4vl1NDKdtoIcIyS0Gh4AvTYtxlLZwShf8ImtRzLerLwqx73WWSIeNai+pHJJNTMvw== madduck@fishbowl
_eof
chmod -R u=rwX,og= $HOME
chown -R ${USER}.nogroup $HOME

SUDOFILE=/etc/sudoers.d/local-ansible-user
cat <<_eof > $SUDOFILE
Defaults>ansible !requiretty
$USER $(hostname --fqdn)=(root) NOPASSWD: ALL
_eof
chmod 440 $SUDOFILE