2020-04-13 14:46:45 +02:00
|
|
|
---
|
|
|
|
|
# Create an user and add their SSH public keys
|
|
|
|
|
- name: Create user {{ user.name }} with no password
|
|
|
|
|
user:
|
|
|
|
|
name: "{{ user.name }}"
|
|
|
|
|
shell: /bin/bash
|
|
|
|
|
# See https://unix.stackexchange.com/questions/193066/how-to-unlock-account-for-public-key-ssh-authorization-but-not-for-password-aut/193131#193131
|
|
|
|
|
password: '*'
|
2020-11-28 20:47:30 +01:00
|
|
|
groups: "{{ user.groups | default(user_default_groups) }}"
|
|
|
|
|
append: no
|
2020-04-13 14:46:45 +02:00
|
|
|
state: present
|
2020-11-28 20:47:30 +01:00
|
|
|
update_password: always
|
2020-04-13 14:46:45 +02:00
|
|
|
|
|
|
|
|
- name: Add SSH public keys for user {{ user.name }}
|
|
|
|
|
authorized_key:
|
|
|
|
|
user: "{{ user.name }}"
|
|
|
|
|
state: present
|
|
|
|
|
# we can pass multiple SSH keys, but they must be separated by newlines
|
2020-11-28 20:47:30 +01:00
|
|
|
key: |
|
|
|
|
|
{% for key_file in lookup('fileglob', user_ssh_key_path, wantlist=true) %}
|
|
|
|
|
{{ lookup('file', key_file) }}
|
|
|
|
|
{% endfor %}
|
2020-04-13 14:46:45 +02:00
|
|
|
# remove obsolete keys
|
2020-11-28 20:47:30 +01:00
|
|
|
exclusive: yes
|
|
|
|
|
vars:
|
|
|
|
|
user_ssh_key_path: ssh/{{ user.name }}/*.pub
|
