authorRomain Gonçalves <me@rgoncalves.se>2024-05-12 17:34:23 +0200
committerRomain Gonçalves <me@rgoncalves.se>2024-05-12 17:36:32 +0200
commit480496827c71acb9a52b27c7e18c4bae8d63004c (patch)
tree7dbcf9d2c140cc4c52d9abcc32be43fa8f1f3de9 /roles
parentfdd5293dd05890434c5b1660bfc44d493a4f4056 (diff)
downloadrules-480496827c71acb9a52b27c7e18c4bae8d63004c.tar.gz
feat(roles/sshd_keys): simplify key management
Diffstat (limited to 'roles')
-rw-r--r--roles/sshd_keys/meta/main.yml6
-rw-r--r--roles/sshd_keys/tasks/main.yml31
2 files changed, 15 insertions, 22 deletions
diff --git a/roles/sshd_keys/meta/main.yml b/roles/sshd_keys/meta/main.yml
index ccf16eb..4123733 100644
--- a/roles/sshd_keys/meta/main.yml
+++ b/roles/sshd_keys/meta/main.yml
@@ -5,12 +5,6 @@ argument_specs:
short_description: sshd__keys main entrypoint.
options:
- sshd_keys__users:
- type: list
- elements: str
- required: true
- description: Users to be synced
-
sshd_keys__dir:
type: path
required: true
diff --git a/roles/sshd_keys/tasks/main.yml b/roles/sshd_keys/tasks/main.yml
index 168f64d..d6cb511 100644
--- a/roles/sshd_keys/tasks/main.yml
+++ b/roles/sshd_keys/tasks/main.yml
@@ -2,27 +2,26 @@
- name: get ssh keys for all users
ansible.builtin.find:
- paths: "{{ sshd__keys_paths }}"
- file_type: link
+ paths: "{{ sshd_keys__dir }}"
recurse: true
delegate_to: localhost
run_once: true
- register: sshd__keys_result_find
+ register: sshd_keys__result_find
-- name: set sshd__keys_found_users variable
- ansible.builtin.set_fact:
- sshd__keys_found_users: "{{ sshd__keys_result_find.files
- | map(attribute='path')
- | map('dirname')
- | map('basename')
- | unique }}"
+- name: retrieve existing users
+ ansible.builtin.getent:
+ database: passwd
+ register: sshd_keys__result_getent
-- name: synchronize ssh keys
+- name: set authorized key, removing all the authorized keys already set
ansible.posix.authorized_key:
- user: "{{ item.path | dirname | basename }}"
- state: present
+ user: "{{ item.path | basename }}"
key: "{{ lookup('file', item.path) }}"
+ state: present
+ exclusive: true
+ when: item.path
+ | basename in sshd_keys__result_getent.ansible_facts.getent_passwd
+ | list
loop_control:
- label: "{{ item.path }}: {{ item.path | dirname | basename }}"
- loop: "{{ sshd__keys_result_find.files }}"
- failed_when: false
+ label: "{{ item.path }}"
+ loop: "{{ sshd_keys__result_find.files }}"
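Review bot: `exclusive: true` on the `authorized_key` task is applied per loop iteration, not per user, so when the `find` (now `recurse: true` and no longer limited to `file_type: link`) returns two files with the same basename — e.g. `alice` and `old/alice` — the last one processed silently replaces the keys installed by the first, and the task name "removing all the authorized keys already set" then also removes the keys this run just wrote. The change does not guard against that; either restrict the search (`recurse: false`, or a `depth`) or fail early when basenames collide, as in the assert task below placed right after the `find`. A second, smaller point: with `sshd_keys__users` gone, the only gate is "the basename is an existing passwd entry", so a file named `root` (or any service account) dropped in `sshd_keys__dir` installs keys for that account — if the role is meant to manage a fixed set of accounts, an allowlist in the `when` is worth keeping; I cannot tell from the hunk whether that was the removed variable's purpose.
```yaml
- name: refuse ambiguous key files (exclusive is applied per loop iteration)
  ansible.builtin.assert:
    that:
      - >-
        sshd_keys__result_find.files | map(attribute='path') | map('basename') | list | length
        == sshd_keys__result_find.files | map(attribute='path') | map('basename') | unique | length
    fail_msg: "two or more files under {{ sshd_keys__dir }} share a basename; only the last one would be installed"
  run_once: true
# … unchanged: retrieve existing users, set authorized key …
```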