volker.raschek/ansible-role-unix-users
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Projects Releases Wiki Activity

feat: support environment variables in authorized_keys file
All checks were successful
Ansible Linter / ansible-lint (push) Successful in 21s
Details
Lint Markdown files / markdown-lint (push) Successful in 5s
Details

Browse Source
This commit is contained in:
Markus Pesch
2026-01-07 10:28:13 +01:00
parent 47d9a58910
commit 69491c9aa0
2 changed files with 26 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -77,7 +77,11 @@ The SSH client directory `~/.ssh` can also be managed via the Ansible role. This
`~/.ssh/config`, `~/.ssh/authorized_keys` as well as the maintenance of private and public SSH keys. `~/.ssh/config`, `~/.ssh/authorized_keys` as well as the maintenance of private and public SSH keys.
The following example create two entries in `~/.ssh/authorized_keys`. One normal SSH access for `claire`. If `bob` The following example create two entries in `~/.ssh/authorized_keys`. One normal SSH access for `claire`. If `bob`
establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited. establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited. Furthermore,
environment variables can be espcilitly defined, to consume it during execution of the command.
> [!IMPORTANT]
> To allow consuming environment variables must be set `PermitUserEnvironment yes` in `/etc/ssh/sshd_config`.
The private key `toor@toor-pc.ed25519.key` must be stored in `ssh/private_keys`. The public key will be automatically The private key `toor@toor-pc.ed25519.key` must be stored in `ssh/private_keys`. The public key will be automatically
extracted from the private key. extracted from the private key.

25
templates/authorized_keys.j2
View File

@@ -3,9 +3,26 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
{% for authorized_key in unix_user.value.ssh.authorized_keys %} {% for authorized_key in unix_user.value.ssh.authorized_keys %}
{% if authorized_key.command is defined and authorized_key.command | length > 0 %} {% set _args = [] %}
command="{{ authorized_key.command }}" {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }} {% if authorized_key.command is defined and authorized_key.command | length > 0 %}
{% else %} {% set _args = _args + [ "command=\"" + authorized_key.command + "\"" ] %}
{% endif %}
{% if authorized_key.environments is defined %}
{% set ns = namespace(envs=[]) %}
{% for environment in authorized_key.environments %}
{% if environment.key is defined and environment.key | length > 0 and
environment.value is defined and environment.value | length > 0
%}
{% set ns.envs = ns.envs + [ environment.key + "=" + environment.value ] %}
{% endif %}
{% endfor %}
{% if ns.envs | length > 0 %}
{% set _args = _args + [ "environment=\"" + (ns.envs | join(',')) + "\"" ] %}
{% endif %}
{% endif %}
{% if _args | length > 0 %}
{{ _args | join(',') }} {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
{% else %}
{{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }} {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}