ref: Install authorized keys per user
Instead of installing authorized keys globally (same for everybody), we pass in the authorized_keys variable per user, and thus the installation also takes place per user. This makes much more sense and works with minimal refactoring.
parent
66ce16ce55
commit
6e30232057
2 changed files with 6 additions and 6 deletions
|
|
@ -7,11 +7,10 @@ system_users:
|
||||||
- marty
|
- marty
|
||||||
- data
|
- data
|
||||||
- incus-admin
|
- incus-admin
|
||||||
|
authorized_keys:
|
||||||
|
- "{{ lookup('file', '~/.ssh/keys/bob.pub') }}"
|
||||||
- name: data
|
- name: data
|
||||||
groups:
|
groups:
|
||||||
- data
|
- data
|
||||||
create_home: false
|
create_home: false
|
||||||
shell: /sbin/nologin
|
shell: /sbin/nologin
|
||||||
|
|
||||||
system_authorized_keys:
|
|
||||||
- "{{ lookup('file', '~/.ssh/keys/bob.pub') }}"
|
|
||||||
|
|
|
||||||
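Review bot: The new `authorized_keys` entry still reads the key with `lookup('file', '~/.ssh/keys/bob.pub')`, which resolves on the control node under the home directory of whoever runs the play, so the set of keys granted login is neither visible in the repository nor guaranteed to be the same for every operator. Keeping the public key files in the repository and pointing the lookup at a repository-relative path would make each access grant reviewable in version control. If the current location is intentional, a comment above the list such as `# public keys are read from the operator's control node at run time` would document it. The user entry that receives the list starts above this hunk, so which account gets the key cannot be confirmed from the visible lines.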
|
|
@ -63,10 +63,11 @@
|
||||||
|
|
||||||
- name: Add authorized SSH keys
|
- name: Add authorized SSH keys
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: marty # FIXME: don't hardoce user
|
user: "{{ item.name }}"
|
||||||
state: present
|
state: present
|
||||||
key: "{{ item }}"
|
key: "{{ item.authorized_keys }}"
|
||||||
loop: "{{ system_authorized_keys }}"
|
loop: "{{ system_users }}"
|
||||||
|
when: system_users is defined and item.authorized_keys is defined
|
||||||
tags:
|
tags:
|
||||||
- ssh
|
- ssh
|
||||||
become: true
|
become: true
|
||||||
|
|
|
||||||
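Review bot: `key: "{{ item.authorized_keys }}"` passes a YAML list to a parameter that `ansible.posix.authorized_key` expects as a string, where multiple keys are separated by newlines, so the list is likely rendered as its string representation and rejected or written as an invalid entry; `key: "{{ item.authorized_keys | join('\n') }}"` avoids that. The `system_users is defined` part of the `when` does not protect the task, because the `loop` expression is templated before `when` is evaluated per item; `loop: "{{ system_users | default([]) }}"` does. With `state: present` alone a key removed from a user's list stays in that user's authorized_keys file on already-provisioned hosts, including keys installed by the old global list; once the keys are joined into one value, `exclusive: true` would make the per-user list authoritative, at the cost of removing any key not managed here.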