authorbinary <me@rgoncalves.se>2020-12-06 15:15:10 +0100
committerbinary <me@rgoncalves.se>2020-12-06 15:15:10 +0100
commit7d6b98e708f9f468a54cfb114bf45cc63a69b9bd (patch)
tree392be359295b1df9ce0d6baaf266ba29e0bddf9c
parent06ea085df10929a10e003ab28cf0aed22aaa462e (diff)
downloadinfrastructure-7d6b98e708f9f468a54cfb114bf45cc63a69b9bd.tar.gz
Add dynamic ssh keys for users based on implicit directories
l---------files/pubkeys/puffy/rgoncalves.pub1
-rw-r--r--roles/sshd/tasks/main.yml21
2 files changed, 22 insertions, 0 deletions
diff --git a/files/pubkeys/puffy/rgoncalves.pub b/files/pubkeys/puffy/rgoncalves.pub
new file mode 120000
index 0000000..f869ceb
--- /dev/null
+++ b/files/pubkeys/puffy/rgoncalves.pub
@@ -0,0 +1 @@
+../rgoncalves.pub
\ No newline at end of file
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 0969429..8c032ee 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -12,6 +12,27 @@
group: "{{ group_root }}"
mode: 0644
+- name: get ssh keys for all user
+ find:
+ paths: "{{ inventory_dir }}/files/pubkeys"
+ pattern: "*.pub"
+ recurse: true
+ file_type: link
+ register: keys
+ delegate_to: localhost
+
+- name: show pubkeys
+ debug:
+ var: keys
+
+- name: synchronize ssh keys
+ ansible.posix.authorized_key:
+ user: "{{ item.path | dirname | basename }}"
+ state: present
+ key: "{{ lookup('file', item.path) }}"
+ ignore_errors: true
+ loop: "{{ keys.files }}"
+
- name: restart sshd
service:
name: sshd
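Review bot: The `synchronize ssh keys` task sets `ignore_errors: true`, so a missing account, an unreadable link target or a malformed key is only reported as ignored and the play continues with an incomplete key set; I would drop that line, or replace it with a `failed_when` that tolerates only the one case you expect. The task also uses `state: present` with one key per loop iteration, so deleting a link under `files/pubkeys` never removes that key from a host; revocation needs either a `state: absent` pass or all of a user's keys passed in a single `key` value with `exclusive: true` (that option is not loop-aware). Because `user` comes from the directory name, a comment above the task such as `# directory name under files/pubkeys is the target account; review changes to this tree as access grants` would make the trust boundary explicit. The `show pubkeys` debug task looks like leftover scaffolding and could be removed or given `verbosity: 1`.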