ansible-pull/roles/base/tasks/users/root.yml

- name: users | root | ensure account is locked
  user:
    name: root
    password_lock: yes

- name: users | root | install public ssh keys
  authorized_key:
    user: root
    state: present
    key: '{{ item }}'
  with_items:
    - public_keys/id_dsa.pub
    - public_keys/id_ed25519.pub
    - public_keys/rene_id_rsa.pub
    - public_keys/root_id_rsa.pub
    - public_keys/yubikey.pub

# - name: users | root | install public key for backups
#   authorized_keys:
#     user: root
#     state: present
#     key: public_keys/backup_ed25519.pub
#     key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'

# - name: users | root | create script directories
#   file:
#     path: "{{ root_home }}/scripts"
#     state: directory
#     mode: '0755'

# - name: users | root | clone root_bins
#   git:
#     repo: 'https://gitlab.social.my-wan.de/rene/root-bin.git'
#     dest: "{{ root_home }}/bin"

######################################################
# Learn Linux TV example
######################################################
# - name: users | root | create config directories
#   file:
#     path: /root/{{ item.dir }}
#     state: directory
#     owner: root
#     group: root
#     mode: 0700
#   with_items:
#     - {dir: '.vim'}
#     - {dir: '.vim/colors'}
#   tags: dotfiles

# - name: users | root | copy dotfiles
#   copy:
#     src: users/root/{{ item.src }}
#     dest: /root/{{ item.dest }}
#     owner: root
#     group: root
#     mode: 0600
#   with_items:
#     - {src: 'bash/bashrc', dest: '.bashrc'}
#     - {src: 'bash/bash_profile', dest: '.bash_profile'}
#     - {src: 'bash/profile', dest: '.profile'}
#     - {src: 'tmux/tmux.conf', dest: '.tmux.conf'}
#     - {src: 'vim/vimrc', dest: '.vimrc'}
#     - {src: 'zsh/zshrc', dest: '.zshrc'}
#   tags: dotfiles