Variable	Default	Description
`username`	`admin`	Username for the admin account
`password`	required	Password for the admin user
`shell`	`/bin/bash`	Default shell for the user
`passwordless_sudo`	`true`	Allow sudo without password
`ssh_pubkey_file`	required	Path to SSH public key file
`regenerate_ssh_host_keys`	`false`	Generate new SSH host keys
`extra_packages`	`[sudo, vim]`	Additional packages to install

Required Variables

You must provide these variables when using this role:

password: "your_secure_password"
ssh_pubkey_file: "/path/to/your/public/key.pub"

Usage

Basic Setup

- name: Initial system setup
  include_role:
    name: system-setup
  vars:
    password: "{{ admin_password }}"
    ssh_pubkey_file: "~/.ssh/id_rsa.pub"

Custom Configuration

- name: System setup with custom user
  include_role:
    name: system-setup
  vars:
    username: myuser
    password: "{{ user_password }}"
    shell: /bin/zsh
    ssh_pubkey_file: "keys/mykey.pub"
    passwordless_sudo: false
    regenerate_ssh_host_keys: true
    extra_packages:
      - sudo
      - vim
      - htop
      - git

What It Does

System Updates - Calls system-maintenance role for package updates
Package Installation - Installs packages from extra_packages list
User Creation - Creates user with password and sudo access
SSH Key Setup - Configures authorized keys for the user
SSH Hardening - Applies secure SSH configuration
Host Keys - Optionally regenerates SSH host keys

Requirements

Root privileges
SSH public key file accessible to Ansible
system-maintenance role (dependency)

Security Notes

SSH configuration is hardened by default
Password authentication can be disabled via SSH config
User is added to sudo group
SSH host key regeneration removes old keys completely