Diffstat (limited to 'roles/sshd_keys')
| -rw-r--r-- | roles/sshd_keys/defaults/main.yml | 13 | ||||
| -rw-r--r-- | roles/sshd_keys/meta/main.yml | 22 | ||||
| -rw-r--r-- | roles/sshd_keys/tasks/main.yml | 29 | 
3 files changed, 60 insertions, 4 deletions
diff --git a/roles/sshd_keys/defaults/main.yml b/roles/sshd_keys/defaults/main.yml
new file mode 100644
index 0000000..1b97a4a
--- /dev/null
+++ b/roles/sshd_keys/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+sshd_keys_users: null
+sshd_keys_dir: files/keys
+sshd_keys_paths: "[
+    {% if sshd_keys_users is none %}
+    '{{ sshd_keys_dir }}',
+    {% else %}
+    {% for user in sshd_keys_users %}
+    '{{ sshd_keys_dir }}/{{ user }}',
+    {% endfor %}
+    {% endif %}
+  ]"
diff --git a/roles/sshd_keys/meta/main.yml b/roles/sshd_keys/meta/main.yml
index 46c62ed..e790d71 100644
--- a/roles/sshd_keys/meta/main.yml
+++ b/roles/sshd_keys/meta/main.yml
@@ -3,3 +3,25 @@
 dependencies:
   - role: sshd
     tags: dependency
+
+argument_specs:
+  main:
+    short_description: sshd_keys main entrypoint.
+    options:
+
+      sshd_keys_users:
+        type: list
+        elements: str
+        required: true
+        description: Users to be synced
+
+      sshd_keys_dir:
+        type: path
+        required: true
+        description: Local directory with public keys
+
+      sshd_keys_paths:
+        type: list
+        elements: path
+        required: true
+        description: Local directory with public keys
diff --git a/roles/sshd_keys/tasks/main.yml b/roles/sshd_keys/tasks/main.yml
index 32f6b5a..5d45e34 100644
--- a/roles/sshd_keys/tasks/main.yml
+++ b/roles/sshd_keys/tasks/main.yml
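Review bot: `sshd_keys_paths` in defaults/main.yml is assembled as text that only looks like a list, so the value handed to `find` depends on Ansible re-parsing the rendered string, and an entry of `sshd_keys_users` containing a quote changes the resulting paths. Building the list with filters keeps every user name a single element, for example `sshd_keys_paths: "{{ [sshd_keys_dir] if sshd_keys_users is none else [sshd_keys_dir] | product(sshd_keys_users) | map('path_join') | list }}"`. A comment above `sshd_keys_users: null` such as `# null: search every directory under sshd_keys_dir` would also help, because that default decides which accounts receive keys.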
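Review bot: All three options in the meta/main.yml spec are declared `required: true` although defaults/main.yml in this commit supplies a value for each, and `sshd_keys_users` defaults to null while the spec types it as a list of strings. The spec therefore reads as if callers must pass everything, and depending on how the installed ansible-core treats a null value for a required list, the role's own defaults may not pass validation; a run with no variables set would confirm. Suggest `required: false` with the defaults documented, and a distinct description for `sshd_keys_paths`, which currently repeats the `sshd_keys_dir` text, e.g. `description: Directories searched for key links, derived from sshd_keys_dir and sshd_keys_users`.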
@@ -2,12 +2,33 @@
 - name: get ssh keys for all users
   ansible.builtin.find:
-    paths: files/keys
+    paths: "{{ sshd_keys_paths }}"
     file_type: link
     recurse: true
   delegate_to: localhost
   run_once: true
-  register: result
+  register: sshd_keys_result_find
+
+- name: set sshd_keys_found_users variable
+  ansible.builtin.set_fact:
+    sshd_keys_found_users: "{{ sshd_keys_result_find.files
+      | map(attribute='path')
+      | map('dirname')
+      | map('basename')
+      | unique }}"
+
+- name: create groups for users with ssh keys
+  ansible.builtin.group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ sshd_keys_found_users }}"
+
+- name: create users with ssh keys
+  ansible.builtin.user:
+    name: "{{ item }}"
+    group: "{{ item }}"
+    state: present
+  loop: "{{ sshd_keys_found_users }}"
 - name: synchronize ssh keys
   ansible.posix.authorized_key:
@@ -15,6 +36,6 @@
     state: present
     key: "{{ lookup('file', item.path) }}"
   loop_control:
-    label: "{{ item.path }} -> user: {{ item.path | dirname | basename }}"
+    label: "{{ item.path }}: {{ item.path | dirname | basename }}"
-  loop: "{{ sshd_keys_result_find.files }}"
+  loop: "{{ sshd_keys_result_find.files }}"
   failed_when: false  |
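Review bot: The names in `sshd_keys_found_users` are taken from whatever directory names `find` returns, and the new group and user tasks create an account for each of them on every host without checking the name. With the default `sshd_keys_users: null`, a link placed directly in `sshd_keys_dir` yields that directory's own basename (`keys`) as a user, and a stray or more deeply nested directory yields an account nobody requested, which the following task then gives a key. Consider filtering the derived list before the loops, e.g. appending `| select('match', '^[a-z_][a-z0-9_-]*$')` and, when `sshd_keys_users` is set, `| intersect(sshd_keys_users)`. A one-line comment on the `set_fact` task stating that the parent directory name is the account name would make that contract explicit.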
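Review bot: `failed_when: false` on the synchronize task now hides more than it did before. It presumably covered hosts where the target user did not exist, but this commit creates those accounts earlier in the play, so the failures still being suppressed are ones like an unreadable or malformed key file, which would leave a host without the intended key and no error in the run. Suggest removing `failed_when: false`, or narrowing it to the specific condition that is expected. The first lines of this task are outside the hunk.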