From 49a50cd0069b59a466bf03e802caa21067e88a59 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Wed, 6 Dec 2017 13:29:50 +0200 Subject: Add: new fields for unix_users list items --- roles/unix_users/defaults/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml index d79958e..5914b08 100644 --- a/roles/unix_users/defaults/main.yml +++ b/roles/unix_users/defaults/main.yml @@ -5,6 +5,10 @@ # shell -- the shell to use (defaults to /bin/bash) # system -- yes/no, is user a system user (default no) # sudo -- yes/no, should user have sudo access? (without password) +# ssh_key -- install this as ~/.ssh/id_rsa +# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub +# ssh_key_pub -- install this as ~/.ssh/id_rsa.pub +# authorized_keys -- install this as ~/.ssh/authorized_keys # unix_users: [] @@ -17,5 +21,10 @@ unix_users: [] # # You MUST create a file for each user in unix_users. An empty file # will do. +# +# THIS IS NOW DEPRECATED. DO NOT USE. If you leave this empty, the old, +# deprecated way of installing authorized_keys files is skipped. If you +# still use that, then set it in your own vars. But switch to the new +# way asap: set authorized_keys field for the user, see above. -authkeys_dir: / +authkeys_dir: -- cgit v1.2.1 From afdf7b83bcea213402c68a6d01c2269f4d4a2d82 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Wed, 6 Dec 2017 13:40:37 +0200 Subject: Add: new way of installined authorized_keys The old way still works, but is ignored unless the authkeys_dir is set explicitly. --- roles/unix_users/tasks/main.yml | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml index ad9095f..d948dc8 100644 --- a/roles/unix_users/tasks/main.yml +++ b/roles/unix_users/tasks/main.yml @@ -6,12 +6,50 @@ shell: "{{ item.shell|default('/bin/bash') }}" system: "{{ item.system|default('no') }}" -- name: add keys to authorized_keys +- name: create ~/.ssh for each user with_items: "{{ unix_users }}" + when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined + file: + state: directory + path: "/home/{{ item.username }}/.ssh" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0755 + +- name: install ssh private keys + with_items: "{{ unix_users }}" + when: item.ssh_key is defined + copy: + content: "{{ item.ssh_key }}" + dest: "/home/{{ item.username }}/.ssh/id_rsa" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0600 + +- name: install ssh public keys + with_items: "{{ unix_users }}" + when: item.ssh_key_pub is defined + copy: + content: "{{ item.ssh_key_pub }}" + dest: "/home/{{ item.username }}/.ssh/id_rsa.pub" + owner: "{{ item.username }}" + group: "{{ item.username }}" + mode: 0600 + +- name: add keys to authorized_keys (deprecated way) + with_items: "{{ unix_users }}" + when: authkeys_dir != None authorized_key: user: "{{ item.username }}" key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}" +- name: add keys to authorized_keys (new way) + with_items: "{{ unix_users }}" + when: item.authorized_keys is defined + authorized_key: + user: "{{ item.username }}" + key: "{{ item.authorized_keys }}" + - name: give sudo access with_items: "{{ unix_users }}" when: "{{ item.sudo|default(False) }}" -- cgit v1.2.1