-rw-r--r-- | roles/unix_users/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/unix_users/tasks/main.yml | 40 |
2 files changed, 49 insertions, 2 deletions
diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml index d79958e..5914b08 100644 --- a/roles/unix_users/defaults/main.yml +++ b/roles/unix_users/defaults/main.yml @@ -5,6 +5,10 @@ # shell -- the shell to use (defaults to /bin/bash) # system -- yes/no, is user a system user (default no) # sudo -- yes/no, should user have sudo access? (without password) +# ssh_key -- install this as ~/.ssh/id_rsa +# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub +# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub +# authorized_keys -- install this as ~/.ssh/authorized_keys # unix_users: [] @@ -17,5 +21,10 @@ unix_users: [] # # You MUST create a file for each user in unix_users. An empty file # will do. +# +# THIS IS NOW DEPRECATED. DO NOT USE. If you leave this empty, the old, +# deprecated way of installing authorized_keys files is skipped. If you +# still use that, then set it in your own vars. But switch to the new +# way asap: set authorized_keys field for the user, see above. -authkeys_dir: / +authkeys_dir: diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml index ad9095f..d948dc8 100644 --- a/roles/unix_users/tasks/main.yml +++ b/roles/unix_users/tasks/main.yml 
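Review bot: The added comment block in roles/unix_users/defaults/main.yml lists `# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub` twice; one copy should be dropped. Since `ssh_key` holds a private key, the comment should say so and name where the value is expected to come from, for example `# ssh_key -- private key, installed as ~/.ssh/id_rsa; keep the value in Ansible Vault, not in plain vars`.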
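Review bot: The new default `authkeys_dir:` is a bare empty value that becomes null only implicitly, and the guard relying on it in roles/unix_users/tasks/main.yml is `when: authkeys_dir != None`. An override such as `authkeys_dir: ""` is not None, so the deprecated task would still run and look up `'/' + item.username` on the controller. Writing `authkeys_dir: null` here and testing for a usable value in the task, e.g. `when: authkeys_dir is not none and authkeys_dir | length > 0`, makes the skip explicit.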
@@ -6,12 +6,50 @@ shell: "{{ item.shell|default('/bin/bash') }}" system: "{{ item.system|default('no') }}" -- name: add keys to authorized_keys +- name: create ~/.ssh for each user with_items: "{{ unix_users }}" + when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined + file: + state: directory + path: "/home/{{ item.username }}/.ssh" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0755 + +- name: install ssh private keys + with_items: "{{ unix_users }}" + when: item.ssh_key is defined + copy: + content: "{{ item.ssh_key }}" + dest: "/home/{{ item.username }}/.ssh/id_rsa" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0600 + +- name: install ssh public keys + with_items: "{{ unix_users }}" + when: item.ssh_key_pub is defined + copy: + content: "{{ item.ssh_key_pub }}" + dest: "/home/{{ item.username }}/.ssh/id_rsa.pub" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0600 + +- name: add keys to authorized_keys (deprecated way) + with_items: "{{ unix_users }}" + when: authkeys_dir != None authorized_key: user: "{{ item.username }}" key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}" +- name: add keys to authorized_keys (new way) + with_items: "{{ unix_users }}" + when: item.authorized_keys is defined + authorized_key: + user: "{{ item.username }}" + key: "{{ item.authorized_keys }}" + - name: give sudo access with_items: "{{ unix_users }}" when: "{{ item.sudo|default(False) }}" |
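Review bot: Every task in this hunk loops over `unix_users`, and Ansible by default prints the whole `item` in task results, so once a user entry carries `ssh_key` the private key can end up in console and CI logs. Adding `no_log: true` to the 'install ssh private keys' task, and `loop_control:` with `label: "{{ item.username }}"` on the other loops, keeps it out of normal output. The `~/.ssh` directory is created with `mode: 0755`; `mode: "0700"` is the conventional setting and does not expose the directory listing to other local users. The first task and the 'give sudo access' task start or end outside this hunk, and the same output exposure would presumably apply to them.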