author | Lars Wirzenius <liw@liw.fi> | 2017-12-06 14:42:13 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-12-06 14:42:13 +0200 |
commit | 99d9654aad3e89bed54e9cff46ce69b155729340 (patch) | |
tree | 09f92d4d8f2680477a44ddd5d717ee8456d7807c | |
parent | 5ace3b2ef61776fee6e9a72ac5af478afa746432 (diff) | |
parent | afdf7b83bcea213402c68a6d01c2269f4d4a2d82 (diff) | |
download | debian-ansible-99d9654aad3e89bed54e9cff46ce69b155729340.tar.gz |
Merge branch 'liw/ssh'
-rw-r--r-- | roles/unix_users/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/unix_users/tasks/main.yml | 40 |
2 files changed, 49 insertions, 2 deletions
diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
index d79958e..5914b08 100644
--- a/roles/unix_users/defaults/main.yml
+++ b/roles/unix_users/defaults/main.yml
@@ -5,6 +5,10 @@
 # shell -- the shell to use (defaults to /bin/bash)
 # system -- yes/no, is user a system user (default no)
 # sudo -- yes/no, should user have sudo access? (without password)
+# ssh_key -- install this as ~/.ssh/id_rsa
+# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
+# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
+# authorized_keys -- install this as ~/.ssh/authorized_keys
 #
 unix_users: []
@@ -17,5 +21,10 @@ unix_users: []
 #
 # You MUST create a file for each user in unix_users. An empty file
 # will do.
+#
+# THIS IS NOW DEPRECATED. DO NOT USE. If you leave this empty, the old,
+# deprecated way of installing authorized_keys files is skipped. If you
+# still use that, then set it in your own vars. But switch to the new
+# way asap: set authorized_keys field for the user, see above.
-authkeys_dir: /
+authkeys_dir:
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
index ad9095f..d948dc8 100644
--- a/roles/unix_users/tasks/main.yml
+++ b/roles/unix_users/tasks/main.yml
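Review bot: The new field list in the header comment repeats `# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub` on two consecutive lines; drop the second copy so the four documented fields are ssh_key, ssh_key_pub and authorized_keys. While there, the line for `ssh_key` should say what kind of value it is, since it is the one field whose contents are sensitive: `# ssh_key -- PRIVATE key material, installed as ~/.ssh/id_rsa; keep it in an encrypted vars file`.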
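Review bot: `authkeys_dir:` is left as a bare empty value, which the YAML loader reads as null; that is exactly what the tasks file's `when: authkeys_dir != None` test depends on, but written this way it looks accidental. Make the sentinel explicit, `authkeys_dir: null`, and say so in the comment, because a user who follows "leave this empty" literally and writes `authkeys_dir: ""` is not skipped by the `!= None` test and the deprecated task then runs `lookup('file', '' + '/' + item.username)`, which reads from the filesystem root and fails. Suggested comment wording: `# Set to null (the default) to skip the deprecated lookup; an empty string does NOT skip it.`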
@@ -6,12 +6,50 @@
 shell: "{{ item.shell|default('/bin/bash') }}"
 system: "{{ item.system|default('no') }}"
-- name: add keys to authorized_keys
+- name: create ~/.ssh for each user
 with_items: "{{ unix_users }}"
+ when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined
+ file:
+ state: directory
+ path: "/home/{{ item.username }}/.ssh"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0755
+
+- name: install ssh private keys
+ with_items: "{{ unix_users }}"
+ when: item.ssh_key is defined
+ copy:
+ content: "{{ item.ssh_key }}"
+ dest: "/home/{{ item.username }}/.ssh/id_rsa"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0600
+
+- name: install ssh public keys
+ with_items: "{{ unix_users }}"
+ when: item.ssh_key_pub is defined
+ copy:
+ content: "{{ item.ssh_key_pub }}"
+ dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0600
+
+- name: add keys to authorized_keys (deprecated way)
+ with_items: "{{ unix_users }}"
+ when: authkeys_dir != None
 authorized_key:
 user: "{{ item.username }}"
 key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
+- name: add keys to authorized_keys (new way)
+ with_items: "{{ unix_users }}"
+ when: item.authorized_keys is defined
+ authorized_key:
+ user: "{{ item.username }}"
+ key: "{{ item.authorized_keys }}"
+
 - name: give sudo access
 with_items: "{{ unix_users }}"
 when: "{{ item.sudo|default(False) }}" |
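Review bot: The `install ssh private keys` task iterates `unix_users` with the private key carried in `item.ssh_key`, and Ansible echoes each loop item in the task result, so the key material is written to the console and to any configured log on every run; add `no_log: true` to that task. Since the whole `item` mapping is printed, the same applies to the other three looped tasks whenever a user entry also carries `ssh_key`, so the guard belongs on every task that loops over `unix_users`, not just the copy of id_rsa. The modes `0755` and `0600` are unquoted, which the YAML 1.1 loader turns into the integers 493 and 384 that the file and copy modules then reinterpret; this works because of the leading zero but the recommended form is `mode: "0600"`. The task list continues outside the hunk.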