authorRomain Gonçalves <me@rgoncalves.se>2023-01-18 21:06:51 +0100
committerRomain Gonçalves <me@rgoncalves.se>2023-04-02 11:45:09 +0200
commitcb6189507ab4f6c6db960105c69b69e92f7710c0 (patch)
tree3daddeb6a85585f5d387697a9c45069d72db7fd2
parent5d019d2ad90c39cfae2d7edf0208c98060ddbd8e (diff)
downloadinfrastructure-cb6189507ab4f6c6db960105c69b69e92f7710c0.tar.gz
feat(roles/sshd_keys): add argument specs
-rw-r--r--roles/sshd_keys/defaults/main.yml13
-rw-r--r--roles/sshd_keys/meta/main.yml22
-rw-r--r--roles/sshd_keys/tasks/main.yml29
3 files changed, 60 insertions, 4 deletions
diff --git a/roles/sshd_keys/defaults/main.yml b/roles/sshd_keys/defaults/main.yml
new file mode 100644
index 0000000..1b97a4a
--- /dev/null
+++ b/roles/sshd_keys/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+sshd_keys_users: null
+sshd_keys_dir: files/keys
+sshd_keys_paths: "[
+ {% if sshd_keys_users is none %}
+ '{{ sshd_keys_dir }}',
+ {% else %}
+ {% for user in sshd_keys_users %}
+ '{{ sshd_keys_dir }}/{{ user }}',
+ {% endfor %}
+ {% endif %}
+ ]"
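Review bot: `sshd_keys_paths` (lines 27–35) is a string template that renders to a bracket-wrapped literal and relies on Ansible turning a list-looking string back into a list, which is fragile and hard to read; a Jinja expression that yields a list directly says the same thing in one line, e.g. `sshd_keys_paths: "{{ [sshd_keys_dir] if sshd_keys_users is none else sshd_keys_users | map('regex_replace', '^', sshd_keys_dir ~ '/') | list }}"`. The per-user branch also interpolates each user name unquoted inside a single-quoted path, so a name containing a quote or a slash would change the shape of the list instead of being rejected. The meta hunk in this commit declares `sshd_keys_users` as `required: true` while this file defaults it to `null`, so one of the two files is stating the wrong contract.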
diff --git a/roles/sshd_keys/meta/main.yml b/roles/sshd_keys/meta/main.yml
index 46c62ed..e790d71 100644
--- a/roles/sshd_keys/meta/main.yml
+++ b/roles/sshd_keys/meta/main.yml
@@ -3,3 +3,25 @@
dependencies:
- role: sshd
tags: dependency
+
+argument_specs:
+ main:
+ short_description: sshd_keys main entrypoint.
+ options:
+
+ sshd_keys_users:
+ type: list
+ elements: str
+ required: true
+ description: Users to be synced
+
+ sshd_keys_dir:
+ type: path
+ required: true
+ description: Local directory with public keys
+
+ sshd_keys_paths:
+ type: list
+ elements: path
+ required: true
+ description: Local directory with public keys
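Review bot: All three options are `required: true`, yet `sshd_keys_users` defaults to `null` in defaults/main.yml and `sshd_keys_paths` is computed there from the other two, so `required: true` on lines 53 and 64 asks callers for values the role already provides and looks unintended; `required: false` on both would match the defaults. The `sshd_keys_paths` description on line 65 is a copy of the `sshd_keys_dir` one and does not say what the option is; something like `description: Directories searched for public keys; derived from sshd_keys_dir and sshd_keys_users by default` would. How the argument-spec validator treats a `null` default for a required list option may vary by Ansible version, so I would check it rather than rely on it.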
diff --git a/roles/sshd_keys/tasks/main.yml b/roles/sshd_keys/tasks/main.yml
index 32f6b5a..5d45e34 100644
--- a/roles/sshd_keys/tasks/main.yml
+++ b/roles/sshd_keys/tasks/main.yml
@@ -2,12 +2,33 @@
- name: get ssh keys for all users
ansible.builtin.find:
- paths: files/keys
+ paths: "{{ sshd_keys_paths }}"
file_type: link
recurse: true
delegate_to: localhost
run_once: true
- register: result
+ register: sshd_keys_result_find
+
+- name: set sshd_keys_found_users variable
+ ansible.builtin.set_fact:
+ sshd_keys_found_users: "{{ sshd_keys_result_find.files
+ | map(attribute='path')
+ | map('dirname')
+ | map('basename')
+ | unique }}"
+
+- name: create groups for users with ssh keys
+ ansible.builtin.group:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ sshd_keys_found_users }}"
+
+- name: create users with ssh keys
+ ansible.builtin.user:
+ name: "{{ item }}"
+ group: "{{ item }}"
+ state: present
+ loop: "{{ sshd_keys_found_users }}"
- name: synchronize ssh keys
ansible.posix.authorized_key:
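Review bot: The new `create groups` / `create users` tasks (lines 90–101) turn every directory name that `find` reports into a host account, and because `find` keeps `recurse: true` (line 76) while the user name is taken from `dirname | basename` (lines 85–87), a key placed one level deeper (for example under `files/keys/alice/old/`) would create a user named `old`, and a key placed directly in `sshd_keys_dir` would create a user named after that directory. With the default `sshd_keys_users: null` the whole `sshd_keys_dir` tree is searched, so the set of accounts on the host depends on the layout of a local files tree rather than on a declared list. I would guard both account loops with the declared list when it is set, e.g. `when: sshd_keys_users is none or item in sshd_keys_users`, or restrict the discovered names to the first path component below `sshd_keys_dir`, and add a comment above the `set_fact` task stating that the directory name becomes the account name. The `synchronize ssh keys` task starting at line 102 continues outside this hunk.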
@@ -15,6 +36,6 @@
state: present
key: "{{ lookup('file', item.path) }}"
loop_control:
- label: "{{ item.path }} -> user: {{ item.path | dirname | basename }}"
- loop: "{{ result.files }}"
+ label: "{{ item.path }}: {{ item.path | dirname | basename }}"
+ loop: "{{ sshd_keys_result_find.files }}"
failed_when: false