Merge branch 'liw/ssh'

2 files changed, 49 insertions, 2 deletions

diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
index d79958e..5914b08 100644
--- a/roles/unix_users/defaults/main.yml
+++ b/roles/unix_users/defaults/main.yml
@@ -5,6 +5,10 @@
 #       shell -- the shell to use (defaults to /bin/bash)
 #       system -- yes/no, is user a system user (default no)
 #       sudo -- yes/no, should user have sudo access? (without password)
+#       ssh_key -- install this as ~/.ssh/id_rsa
+#       ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
+#       ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
+#       authorized_keys -- install this as ~/.ssh/authorized_keys
 #
 
 unix_users: []
@@ -17,5 +21,10 @@ unix_users: []
 #
 # You MUST create a file for each user in unix_users. An empty file
 # will do.
+#
+# THIS IS NOW DEPRECATED. DO NOT USE. If you leave this empty, the old,
+# deprecated way of installing authorized_keys files is skipped. If you
+# still use that, then set it in your own vars. But switch to the new
+# way asap: set authorized_keys field for the user, see above.
 
-authkeys_dir: /
+authkeys_dir:
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
index ad9095f..d948dc8 100644
--- a/roles/unix_users/tasks/main.yml
+++ b/roles/unix_users/tasks/main.yml
@@ -6,12 +6,50 @@
     shell: "{{ item.shell|default('/bin/bash') }}"
     system: "{{ item.system|default('no') }}"
 
-- name: add keys to authorized_keys
+- name: create ~/.ssh for each user
   with_items: "{{ unix_users }}"
+  when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined
+  file:
+    state: directory
+    path: "/home/{{ item.username }}/.ssh"
+    owner: "{{ item.username }}"
+    group: "{{ item.username }}"
+    mode: 0755
+
+- name: install ssh private keys
+  with_items: "{{ unix_users }}"
+  when: item.ssh_key is defined
+  copy:
+    content: "{{ item.ssh_key }}"
+    dest: "/home/{{ item.username }}/.ssh/id_rsa"
+    owner: "{{ item.username }}"
+    group: "{{ item.username }}"
+    mode: 0600
+
+- name: install ssh public keys
+  with_items: "{{ unix_users }}"
+  when: item.ssh_key_pub is defined
+  copy:
+    content: "{{ item.ssh_key_pub }}"
+    dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
+    owner: "{{ item.username }}"
+    group: "{{ item.username }}"
+    mode: 0600
+
+- name: add keys to authorized_keys (deprecated way)
+  with_items: "{{ unix_users }}"
+  when: authkeys_dir != None
   authorized_key:
     user: "{{ item.username }}"
     key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
 
+- name: add keys to authorized_keys (new way)
+  with_items: "{{ unix_users }}"
+  when: item.authorized_keys is defined
+  authorized_key:
+    user: "{{ item.username }}"
+    key: "{{ item.authorized_keys }}"
+
 - name: give sudo access
   with_items: "{{ unix_users }}"
   when: "{{ item.sudo|default(False) }}"