ansible/roles/bank/tasks/login.yaml

---
- name: Install revbank login shell
  ansible.builtin.template:
    src: login.sh
    dest: /usr/local/bin/revbank-login
    owner: root
    group: root
    mode: "0755"

- name: Add user
  ansible.builtin.user:
    name: bank
    password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
    home: /home/{{ bank_user }}
    shell: /usr/local/bin/revbank-login
    update_password: always

- name: Allow password auth for bank user
  ansible.builtin.blockinfile:
    path: /etc/ssh/sshd_config
    insertafter: EOF
    validate: "/usr/sbin/sshd -t -f %s"
    block: |-
      Match User {{ bank_user }}
          PasswordAuthentication yes
  notify: reload sshd

- name: Clear motd
  ansible.builtin.copy:
    content: ""
    dest: /etc/motd

- name: Remove autologin
  ansible.builtin.file:
    path: /etc/systemd/system/getty@tty1.service.d/override.conf
    state: absent
  notify: daemon reload
  when: not bank_local_tty

- when: bank_local_tty
  block:
    - name: Locate agetty
      ansible.builtin.command:
        cmd: command -v agetty
      register: agetty_location_cmd

    - ansible.builtin.set_fact:
        agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"

    - name: Create getty dir
      ansible.builtin.file:
        path: /etc/systemd/system/getty@tty1.service.d
        state: directory

    - name: Autologin User
      ansible.builtin.template:
        src: tty_autologin.conf
        dest: /etc/systemd/system/getty@tty1.service.d/override.conf
        owner: root
        group: root
        mode: 0644
      notify: daemon reload