authorLars Wirzenius <liw@liw.fi>2017-12-06 13:40:37 +0200
committerLars Wirzenius <liw@liw.fi>2017-12-06 14:41:25 +0200
commitafdf7b83bcea213402c68a6d01c2269f4d4a2d82 (patch)
tree09f92d4d8f2680477a44ddd5d717ee8456d7807c
parent49a50cd0069b59a466bf03e802caa21067e88a59 (diff)
downloaddebian-ansible-afdf7b83bcea213402c68a6d01c2269f4d4a2d82.tar.gz
Add: new way of installined authorized_keys
The old way still works, but is ignored unless the authkeys_dir is set explicitly.
-rw-r--r--roles/unix_users/tasks/main.yml40
1 files changed, 39 insertions, 1 deletions
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
index ad9095f..d948dc8 100644
--- a/roles/unix_users/tasks/main.yml
+++ b/roles/unix_users/tasks/main.yml
@@ -6,12 +6,50 @@
shell: "{{ item.shell|default('/bin/bash') }}"
system: "{{ item.system|default('no') }}"
-- name: add keys to authorized_keys
+- name: create ~/.ssh for each user
with_items: "{{ unix_users }}"
+ when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined
+ file:
+ state: directory
+ path: "/home/{{ item.username }}/.ssh"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0755
+
+- name: install ssh private keys
+ with_items: "{{ unix_users }}"
+ when: item.ssh_key is defined
+ copy:
+ content: "{{ item.ssh_key }}"
+ dest: "/home/{{ item.username }}/.ssh/id_rsa"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0600
+
+- name: install ssh public keys
+ with_items: "{{ unix_users }}"
+ when: item.ssh_key_pub is defined
+ copy:
+ content: "{{ item.ssh_key_pub }}"
+ dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
+ owner: "{{ item.username }}"
+ group: "{{ item.username }}"
+ mode: 0600
+
+- name: add keys to authorized_keys (deprecated way)
+ with_items: "{{ unix_users }}"
+ when: authkeys_dir != None
authorized_key:
user: "{{ item.username }}"
key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
+- name: add keys to authorized_keys (new way)
+ with_items: "{{ unix_users }}"
+ when: item.authorized_keys is defined
+ authorized_key:
+ user: "{{ item.username }}"
+ key: "{{ item.authorized_keys }}"
+
- name: give sudo access
with_items: "{{ unix_users }}"
when: "{{ item.sudo|default(False) }}"
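Review bot: The `install ssh private keys` task has no `no_log: true` and loops over `unix_users`, so Ansible's default per-item output (and `--diff` on `copy`) can write the contents of `item.ssh_key` to the console and any run logs. Add `no_log: true` to that task, and because the other new tasks iterate over the same items, give them `loop_control:` with `label: "{{ item.username }}"` so the key material is not echoed there either. The `~/.ssh` directory is also created with `mode: 0755`; `mode: "0700"` is the usual setting for it, and quoting the mode avoids depending on how the YAML parser reads a leading-zero number. The `give sudo access` task at the end of the hunk continues outside it.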