From fc565fa3ce916d259fd18bf8b0c352ccc08fc91f Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Wed, 10 Jun 2026 13:57:11 -0400
Subject: [PATCH] created new playbook for nonroot user login, moved package installation stage/order prior to user/group management
---
 administrate@homeserver.yml.example | 29 +++++++++++++++++++++++++++++
 init@homeserver.yml.example | 21 ++++++++++++---------
 2 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 administrate@homeserver.yml.example
diff --git a/administrate@homeserver.yml.example b/administrate@homeserver.yml.example
new file mode 100644
index 0000000..e3233cc
--- /dev/null
+++ b/administrate@homeserver.yml.example
@@ -0,0 +1,29 @@
+- name: Initialize homeserver
+ hosts: armitage
+ remote_user: senpai
+ tasks:
+ - name: Installing requisite packages
+ ansible.builtin.include_role:
+ name: init-server
+ tasks_from: userspace@install-pkgs
+ handlers_from: userspace
+ - name: Disable root user shell login
+ become: true
+ ansible.builtin.user:
+ name: root
+ shell: /sbin/nologin
+ tags:
+ - disable_root_shell
+ - name: Disable login for root user altogether
+ become: true
+ ansible.builtin.user:
+ name: root
+ password: "'*'"
+ tags:
+ - disable_root_login
+ - name: Configuring aliases for using git
+ community.general.git_config:
+ name: "alias.{{ item[0] }}"
+ scope: global
+ value: "{{ item[1] }}"
+ loop: []
\ No newline at end of file
diff --git a/init@homeserver.yml.example b/init@homeserver.yml.example
index 8028da3..03f6c9d 100644
--- a/init@homeserver.yml.example
+++ b/init@homeserver.yml.example
@@ -5,8 +5,8 @@
 vars:
 harden: true
 local_facts:
- user_dir: ~
- user_id: ~
+ user_id: ~ # REQUIRED
+ user_dir: ~ # REQUIRED
 tasks:
 - name: Hardening SSH server
 ansible.builtin.include_role:
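Review bot: In the "Disable login for root user altogether" task of administrate@homeserver.yml.example, `password: "'*'"` writes the three characters `'*'` (quotes included) into root's password field instead of the conventional lock marker. It still cannot match any hash, but tools that report lock state may not treat the account as locked; `password: "*"` or `password_lock: true` states the intent directly. The task also only blocks password authentication: key-based SSH login as root depends on sshd's `PermitRootLogin` and root's `authorized_keys`, which this play does not touch, so the task name overstates the effect. Separately, the play is still named `Initialize homeserver`, which looks copied from the init playbook.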
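Review bot: The `# REQUIRED` markers on `user_id` and `user_dir` in init@homeserver.yml.example are comments only, and both values still default to null (`~`), so an unedited copy of this example passes null into whatever consumes `local_facts`. Those consumers are not visible in this hunk, but if the `ssh-users` tasks build account names or home paths from these values, a fail-fast check is safer than a comment. Consider an `ansible.builtin.assert` task at the top of `tasks:` with `that: local_facts.user_id is not none and local_facts.user_dir is not none`. The exact variable path depends on how `local_facts` is nested under `vars:`, which the collapsed indentation does not show.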
@@ -17,12 +17,15 @@
 # defaults_from: main # not required. File to load from a role's C(defaults/) directory.
 # allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
 # handlers_from: main # not required. File to load from a role's C(handlers/) directory.
+ - name: Installing requisite packages
+ ansible.builtin.include_role:
+ name: init-server
+ tasks_from: core@install-pkgs
+ handlers_from: core
+ # - name: Reboot machine for shell environment change
+ # ansible.builtin.reboot:
+ # msg: Rebooting machine
 - name: Initializing groups and users
 ansible.builtin.include_role:
- name: init-server # required. The name of the role to be executed.
- # apply: # not required. Accepts a hash of task keywords (e.g. C(tags), C(become)) that will be applied to all tasks within the included role.
- tasks_from: ssh-users # not required. File to load from a role's C(tasks/) directory.
- vars_from: main # not required. File to load from a role's C(vars/) directory.
- defaults_from: main # not required. File to load from a role's C(defaults/) directory.
- # allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
- # handlers_from: main # not required. File to load from a role's C(handlers/) directory.
\ No newline at end of file
+ name: init-server
+ tasks_from: ssh-users
\ No newline at end of file
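Review bot: The new "Installing requisite packages" include sits between "Hardening SSH server" and "Initializing groups and users", so a package-install failure now aborts the play after the hardening tasks have run but before `ssh-users` creates the login accounts. If the hardening tasks (which start outside this hunk) restrict root or password login, that may leave the host hard to reach until the play is re-run from a console. A short comment on the new task would record the dependency, for example `# Runs after SSH hardening: a failure here stops the play before ssh-users creates accounts`, or the hardening include could be moved after user creation. The new task also sets no `become`; whether privilege escalation is set at play level is not visible here.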