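# This playbook creates an SSH-accessible user that is a member of the docker
# group, so that the account can use Docker services without being given sudo
# or a root login on the host.
#
# SECURITY NOTE: membership of the docker group is root-equivalent. The Docker
# daemon runs as root and acts on behalf of any client of its socket, so this
# account must be treated as a privileged one: protect its private key like a
# root credential and limit who holds it. If a genuinely unprivileged account
# is required, consider rootless Docker or a daemon authorization plugin.
#
# DOCKERLASS_PUB_KEY_PATH (path on the control node to the public key file) is
# not defined in this playbook and must be supplied by the caller, for example
# through extra vars or inventory.
---
- hosts: alpha
  remote_user: ubuntu
  become: true
  vars:
    NAME: dockerlass
  tasks:
    # Fail before any account is created rather than at the final copy task,
    # which would otherwise leave a user behind with no authorized key.
    - name: Ensure the public key path was supplied
      assert:
        that:
          - DOCKERLASS_PUB_KEY_PATH is defined
          - DOCKERLASS_PUB_KEY_PATH | length > 0
        fail_msg: "DOCKERLASS_PUB_KEY_PATH must be set to the public key file"

    - name: Ensure Docker Group exists
      group:
        name: docker
        state: present

    # `append` is left at its default (false), so docker is the only
    # supplementary group: an existing user of this name loses any others.
    - name: Ensure Docker-Only User exists and is part of the Docker group
      user:
        state: present
        name: "{{ NAME }}"
        create_home: true
        groups: docker

    # Modes are quoted so they reach the module as octal strings instead of
    # depending on how the YAML parser types a bare 0700.
    - name: Ensure safe ~/.ssh directory
      file:
        path: "/home/{{ NAME }}/.ssh"
        state: directory
        mode: "0700"
        owner: "{{ NAME }}"

    # `src` is read from the control node; the destination file is replaced,
    # so the supplied key file defines the full set of accepted keys.
    - name: Ensure safe Authorized keys file
      copy:
        src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
        dest: "/home/{{ NAME }}/.ssh/authorized_keys"
        mode: "0600"
        owner: "{{ NAME }}"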