diff options
author | Lars Wirzenius <liw@liw.fi> | 2017-12-06 13:40:37 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-12-06 14:41:25 +0200 |
commit | afdf7b83bcea213402c68a6d01c2269f4d4a2d82 (patch) | |
tree | 09f92d4d8f2680477a44ddd5d717ee8456d7807c /roles/unix_users/tasks | |
parent | 49a50cd0069b59a466bf03e802caa21067e88a59 (diff) | |
download | debian-ansible-afdf7b83bcea213402c68a6d01c2269f4d4a2d82.tar.gz |
Add: new way of installined authorized_keys
The old way still works, but is ignored unless the authkeys_dir is
set explicitly.
Diffstat (limited to 'roles/unix_users/tasks')
-rw-r--r-- | roles/unix_users/tasks/main.yml | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml index ad9095f..d948dc8 100644 --- a/roles/unix_users/tasks/main.yml +++ b/roles/unix_users/tasks/main.yml @@ -6,12 +6,50 @@ shell: "{{ item.shell|default('/bin/bash') }}" system: "{{ item.system|default('no') }}" -- name: add keys to authorized_keys +- name: create ~/.ssh for each user with_items: "{{ unix_users }}" + when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined + file: + state: directory + path: "/home/{{ item.username }}/.ssh" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0755 + +- name: install ssh private keys + with_items: "{{ unix_users }}" + when: item.ssh_key is defined + copy: + content: "{{ item.ssh_key }}" + dest: "/home/{{ item.username }}/.ssh/id_rsa" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0600 + +- name: install ssh public keys + with_items: "{{ unix_users }}" + when: item.ssh_key_pub is defined + copy: + content: "{{ item.ssh_key_pub }}" + dest: "/home/{{ item.username }}/.ssh/id_rsa.pub" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0600 + +- name: add keys to authorized_keys (deprecated way) + with_items: "{{ unix_users }}" + when: authkeys_dir != None authorized_key: user: "{{ item.username }}" key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}" +- name: add keys to authorized_keys (new way) + with_items: "{{ unix_users }}" + when: item.authorized_keys is defined + authorized_key: + user: "{{ item.username }}" + key: "{{ item.authorized_keys }}" + - name: give sudo access with_items: "{{ unix_users }}" when: "{{ item.sudo|default(False) }}" |