From afdf7b83bcea213402c68a6d01c2269f4d4a2d82 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Wed, 6 Dec 2017 13:40:37 +0200
Subject: Add: new way of installined authorized_keys

The old way still works, but is ignored unless the authkeys_dir is set explicitly.
---
 roles/unix_users/tasks/main.yml | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
index ad9095f..d948dc8 100644
--- a/roles/unix_users/tasks/main.yml
+++ b/roles/unix_users/tasks/main.yml
@@ -6,12 +6,50 @@
     shell: "{{ item.shell|default('/bin/bash') }}"
     system: "{{ item.system|default('no') }}"
 
-- name: add keys to authorized_keys
+- name: create ~/.ssh for each user
   with_items: "{{ unix_users }}"
+  when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined
+  file:
+    state: directory
+    path: "/home/{{ item.username }}/.ssh"
+    owner: "{{ item.username }}"
+    group: "{{ item.username }}"
+    mode: 0755
+
+- name: install ssh private keys
+  with_items: "{{ unix_users }}"
+  when: item.ssh_key is defined
+  copy:
+    content: "{{ item.ssh_key }}"
+    dest: "/home/{{ item.username }}/.ssh/id_rsa"
+    owner: "{{ item.username }}"
+    group: "{{ item.username }}"
+    mode: 0600
+
+- name: install ssh public keys
+  with_items: "{{ unix_users }}"
+  when: item.ssh_key_pub is defined
+  copy:
+    content: "{{ item.ssh_key_pub }}"
+    dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
+    owner: "{{ item.username }}"
+    group: "{{ item.username }}"
+    mode: 0600
+
+- name: add keys to authorized_keys (deprecated way)
+  with_items: "{{ unix_users }}"
+  when: authkeys_dir != None
   authorized_key:
     user: "{{ item.username }}"
     key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
 
+- name: add keys to authorized_keys (new way)
+  with_items: "{{ unix_users }}"
+  when: item.authorized_keys is defined
+  authorized_key:
+    user: "{{ item.username }}"
+    key: "{{ item.authorized_keys }}"
+
 - name: give sudo access
   with_items: "{{ unix_users }}"
   when: "{{ item.sudo|default(False) }}"

-- cgit v1.2.1
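Review bot: The `install ssh private keys` task loops over `unix_users` with `with_items`, so every iteration's item — including the private key material in `item.ssh_key` — is echoed into task output and into any log or callback plugin unless the task carries `no_log: true`; the `create ~/.ssh for each user` and `install ssh public keys` tasks loop over the same dicts and print the same fields. Add `no_log: true` to the private-key task at minimum, and consider `loop_control: label: "{{ item.username }}"` on the other loops so only the username is printed. Separately, `when: authkeys_dir != None` raises an undefined-variable error rather than skipping when the variable is not set at all, unless the role defaults (not in this diff) declare it; `when: authkeys_dir is defined and authkeys_dir != None` matches the commit message's "ignored unless set explicitly". The file modes are written as unquoted octal (`mode: 0755`, `mode: 0600`), which YAML 1.1 parses as octal integers today but which are safer as strings (`mode: "0600"`); `0700` is the conventional mode for `~/.ssh`.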