From 2fc23d9774f05830f23fffb1eea862d7ee1fb0f0 Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Wed, 19 Nov 2025 14:35:30 +0100
Subject: [PATCH] feat: Set up timezone and users and groups on system host

---
 roles/system/defaults/main.yaml | 13 +++++++++++++
 roles/system/tasks/main.yaml | 25 +++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/roles/system/defaults/main.yaml b/roles/system/defaults/main.yaml
index e60978c..11712bb 100644
--- a/roles/system/defaults/main.yaml
+++ b/roles/system/defaults/main.yaml
@@ -1,4 +1,17 @@
 ---
+system_timezone: "Europe/Berlin"
+system_users:
+ - name: marty
+ groups:
+ - marty
+ - data
+ - incus-admin
+ - name: data
+ groups:
+ - data
+ create_home: false
+ shell: /sbin/nologin
+
 system_authorized_keys:
 - "{{ lookup('file', '~/.ssh/keys/bob.pub') }}"
diff --git a/roles/system/tasks/main.yaml b/roles/system/tasks/main.yaml
index 0263ec1..d2c4f42 100644
--- a/roles/system/tasks/main.yaml
+++ b/roles/system/tasks/main.yaml
@@ -36,6 +36,31 @@
 - packages
 become: true

+- name: Set correct timezone
+ community.general.timezone:
+ name: "{{ system_timezone }}"
+ when: "system_timezone"
+ become: true
+
+- name: Create necessary groups
+ ansible.builtin.group:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ system_users | map(attribute='groups') | flatten | unique }}"
+ when: "system_users"
+ become: true
+
+- name: Set up system users
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ groups: "{{ item.groups }}"
+ append: "{{ item.append | default(true) }}"
+ create_home: "{{ item.create_home | default(false) }}"
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ loop: "{{ system_users }}"
+ when: "system_users"
+ become: true
+
 - name: Add authorized SSH keys
 ansible.posix.authorized_key:
 user: marty # FIXME: don't hardoce user
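Review bot: The `incus-admin` entry under `marty` in `roles/system/defaults/main.yaml` needs a comment, because membership in that group gives unrestricted access to the Incus daemon and is effectively root-equivalent on the host. Since it sits in the role defaults, every host that applies the role without overriding `system_users` grants it, and the "Create necessary groups" task will create the group even where Incus is not installed. I would add `# incus-admin: full control of Incus, root-equivalent - override per host` above the entry, or keep the default list unprivileged and set this membership in host or group vars for the Incus hosts only.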
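Review bot: The `append` default of `true` in "Set up system users" means the role only ever adds supplementary groups, so removing a privileged group such as `incus-admin` from `system_users` later will not revoke it on hosts that are already provisioned. If the list is meant to be authoritative, flip the default to `append: "{{ item.append | default(false) }}"`; otherwise a comment above the task should say that revocation needs a separate step. The `shell` default has the same fail-open shape: an entry that omits `shell` gets `/bin/bash`, whereas `shell: "{{ item.shell | default('/sbin/nologin') }}"` would make interactive login opt-in. Both `groups: "{{ item.groups }}"` and the `map(attribute='groups')` loop also appear to assume every entry defines `groups`; `item.groups | default([])` would tolerate one that does not.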