From 4c467aaf887ab9c57fe4c5035d78bb5d67afb434 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Fri, 4 Oct 2024 11:44:37 +0200
Subject: [PATCH] fix: support ssh 'command' option
---
 defaults/default.yml | 3 ++-
 templates/authorized_keys.j2 | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/defaults/default.yml b/defaults/default.yml
index e0892d4..a34a87d 100644
--- a/defaults/default.yml
+++ b/defaults/default.yml
@@ -19,7 +19,8 @@ unix_users: {}
 # StrictHostKeyChecking: "no"
 # UserKnownHostFile: /dev/null
 # authorized_keys:
-# - alice@alice-pc.pub
+# - filename: alice@alice-pc.pub
+# # command: "" # optional
 # private_keys:
 # - alice@alice-pc.ed25519.key
 # home: /home/alice
diff --git a/templates/authorized_keys.j2 b/templates/authorized_keys.j2
index 1a246ed..ea1c91c 100644
--- a/templates/authorized_keys.j2
+++ b/templates/authorized_keys.j2
@@ -2,6 +2,10 @@
 #
 # {{ ansible_managed }}
 #
-{% for key in unix_user.value.ssh.authorized_keys %}
-{{ lookup('file', 'ssh/authorized_keys/' + key) }}
+{% for authorized_key in unix_user.value.ssh.authorized_keys %}
+{% if authorized_key.command is defined and authorized_key.command | length > 0 %}
+command="{{ authorized_key.command }}" {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
+{% else %}
+{{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
+{% endif %}
 {% endfor %}
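Review bot: The new example line `# # command: "" # optional` does not say what the value is used for or which characters it may hold, although the template hunk in this patch writes it verbatim inside an authorized_keys `command="..."` option. I would document that on the line itself, for instance `# # command: ""  # optional forced command written into authorized_keys; no double quotes or newlines`. The example also changes each list item from a plain string to a mapping with `filename`, and nothing in the comment tells users of the old form that their entries need migrating.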
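Review bot: On the added `command="{{ authorized_key.command }}"` line the value is placed between double quotes without any escaping, so a command that contains `"` ends the option early and the rest is read by sshd as further options or as a malformed entry, and an embedded newline would begin a separate authorized_keys line. Because this option is the restriction on what the key may run, escape or reject those characters, for example `command="{{ authorized_key.command | replace('"', '\\"') }}"` together with a check that the value holds no newline. The loop now reads `authorized_key.filename`, so inventories that still list plain strings will most likely fail to render; `authorized_key.filename | default(authorized_key)` would accept both forms. A forced command on its own does not turn off port or agent forwarding, so consider emitting `restrict` next to it or exposing a general options field.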