Diffstat (limited to 'roles')
-rw-r--r--roles/sshd_keys/meta/main.yml6
-rw-r--r--roles/sshd_keys/tasks/main.yml31
2 files changed, 15 insertions, 22 deletions
diff --git a/roles/sshd_keys/meta/main.yml b/roles/sshd_keys/meta/main.yml
index ccf16eb..4123733 100644
--- a/roles/sshd_keys/meta/main.yml
+++ b/roles/sshd_keys/meta/main.yml
@@ -5,12 +5,6 @@ argument_specs:
short_description: sshd__keys main entrypoint.
options:
- sshd_keys__users:
- type: list
- elements: str
- required: true
- description: Users to be synced
-
sshd_keys__dir:
type: path
required: true
diff --git a/roles/sshd_keys/tasks/main.yml b/roles/sshd_keys/tasks/main.yml
index 168f64d..d6cb511 100644
--- a/roles/sshd_keys/tasks/main.yml
+++ b/roles/sshd_keys/tasks/main.yml
@@ -2,27 +2,26 @@
- name: get ssh keys for all users
ansible.builtin.find:
- paths: "{{ sshd__keys_paths }}"
- file_type: link
+ paths: "{{ sshd_keys__dir }}"
recurse: true
delegate_to: localhost
run_once: true
- register: sshd__keys_result_find
+ register: sshd_keys__result_find
-- name: set sshd__keys_found_users variable
- ansible.builtin.set_fact:
- sshd__keys_found_users: "{{ sshd__keys_result_find.files
- | map(attribute='path')
- | map('dirname')
- | map('basename')
- | unique }}"
+- name: retrieve existing users
+ ansible.builtin.getent:
+ database: passwd
+ register: sshd_keys__result_getent
-- name: synchronize ssh keys
+- name: set authorized key, removing all the authorized keys already set
ansible.posix.authorized_key:
- user: "{{ item.path | dirname | basename }}"
- state: present
+ user: "{{ item.path | basename }}"
key: "{{ lookup('file', item.path) }}"
+ state: present
+ exclusive: true
+ when: item.path
+ | basename in sshd_keys__result_getent.ansible_facts.getent_passwd
+ | list
loop_control:
- label: "{{ item.path }}: {{ item.path | dirname | basename }}"
- loop: "{{ sshd__keys_result_find.files }}"
- failed_when: false
+ label: "{{ item.path }}"
+ loop: "{{ sshd_keys__result_find.files }}"
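Review bot: `exclusive: true` is applied once per loop iteration, while the `find` task still has `recurse: true` and the account name now comes from `item.path | basename`. Two files with the same basename in different subdirectories of `sshd_keys__dir` would therefore overwrite each other, leaving only the keys from whichever is processed last. The `when:` only checks that the name exists in getent, so any file in that tree named after a passwd entry, `root` included, replaces that account's whole authorized_keys. If the directory is meant to be flat, set `recurse: false` on the find task and add a comment such as `# one file per account, named after the account; its content replaces authorized_keys`. Separately, dropping `file_type: link` falls back to the module default of regular files, so a key directory that still holds symlinks would presumably match nothing; worth confirming against the actual layout.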