You've already forked ansible-role-unix-users
fix: config ssh client config
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@ -71,13 +71,57 @@
|
||||
owner: "{{ unix_user.key }}"
|
||||
group: "{{ unix_user.value.group | default('users') }}"
|
||||
mode: 0600
|
||||
when: unix_user.value.ssh_keys is defined and unix_user.value.ssh_keys.public | length > 0
|
||||
when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0
|
||||
|
||||
- name: Remove authorized_keys file for user {{ unix_user.key }}
|
||||
file:
|
||||
path: "{{ user_user_home }}/.ssh/authorized_keys"
|
||||
state: absent
|
||||
when: unix_user.value.ssh_keys.public is not defined or unix_user.value.ssh_keys.public | length <= 0
|
||||
when: unix_user.value.ssh.authorized_keys is not defined or unix_user.value.ssh.authorized_keys | length <= 0
|
||||
|
||||
- name: Create private SSH keys for user {{ unix_user.key }}
|
||||
copy:
|
||||
src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
|
||||
dest: "{{ user_user_home }}/.ssh/{{ item }}"
|
||||
owner: "{{ unix_user.key }}"
|
||||
group: "{{ unix_user.value.group | default('users') }}"
|
||||
mode: 0600
|
||||
with_items:
|
||||
- "{{ unix_user.value.ssh.private_keys }}"
|
||||
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
|
||||
|
||||
- name: Extract public SSH keys from private keys for user {{ unix_user.key }}
|
||||
command: "ssh-keygen -y -f {{ user_user_home }}/.ssh/{{ item }} > {{ user_user_home }}/.ssh/{{ item }}.pub"
|
||||
args:
|
||||
creates: "{{ user_user_home }}/.ssh/{{ item }}.pub"
|
||||
with_items:
|
||||
- "{{ unix_user.value.ssh.private_keys }}"
|
||||
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
|
||||
|
||||
- name: Correct permissions of public SSH keys for user {{ unix_user.key }}
|
||||
file:
|
||||
path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
|
||||
owner: "{{ unix_user.key }}"
|
||||
group: "{{ unix_user.value.group | default('users') }}"
|
||||
mode: 0644
|
||||
with_items:
|
||||
- "{{ unix_user.value.ssh.private_keys }}"
|
||||
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
|
||||
|
||||
- name: Create custom SSH client config for user {{ unix_user.key }}
|
||||
template:
|
||||
src: config.j2
|
||||
dest: "{{ user_user_home }}/.ssh/config"
|
||||
owner: "{{ unix_user.key }}"
|
||||
group: "{{ unix_user.value.group | default('users') }}"
|
||||
mode: 0644
|
||||
when: unix_user.value.ssh.config is defined and unix_user.value.ssh.config | length >= 0
|
||||
|
||||
- name: Remove custom SSH client config for user {{ unix_user.key }}
|
||||
file:
|
||||
path: "{{ user_user_home }}/.ssh/config"
|
||||
state: absent
|
||||
when: unix_user.value.ssh.config is not defined
|
||||
|
||||
- name: Create .forward file to forward emails for user {{ unix_user.key }}
|
||||
template:
|
||||
|
||||
Reference in New Issue
Block a user