archusers: Add support for single-host SSH keys

Some of our users have keys that they only want on a few machines and reconfigure each time we deploy. Now we can configure and deploy such keys. Signed-off-by: Florian Pritz <bluewind@xinu.at>

archusers: Add support for single-host SSH keys
Some of our users have keys that they only want on a few machines and reconfigure each time we deploy. Now we can configure and deploy such keys. Signed-off-by: Florian Pritz <bluewind@xinu.at>
28ef4d28 · Florian Pritz · 24840e1a · 28ef4d28 · 28ef4d28
Verified Commit 28ef4d28 authored Nov 25, 2018 by Florian Pritz
--- a/roles/archusers/tasks/main.yml
+++ b/roles/archusers/tasks/main.yml
@@ -13,13 +13,12 @@
    state: present
  with_dict: "{{ arch_users }}"

+- name: create .ssh directory
+  file: path=/home/{{item.key}}/.ssh state=directory owner={{item.key}} group=users mode=0700
+  with_dict: "{{ arch_users }}"
+
 - name: configure ssh keys
-  authorized_key:
-    user: "{{ item.key }}"
-    key: "{{ lookup('file', '../pubkeys/' + item.value.ssh_key) }}"
-    manage_dir: yes
-    state: present
-    exclusive: yes
+  template: src=authorized_keys.j2 dest=/home/{{item.key}}/.ssh/authorized_keys owner={{item.key}} group=users mode=0600
  when: item.value.ssh_key is defined
  with_dict: "{{ arch_users }}"


--- a/roles/archusers/templates/authorized_keys.j2
+++ b/roles/archusers/templates/authorized_keys.j2
+#jinja2: lstrip_blocks: True
+{{ lookup('file', '../pubkeys/' + item.value.ssh_key) }}
+{% if item.value.additional_ssh_keys is defined %}
+	{% for key in item.value.additional_ssh_keys %}
+		{% if inventory_hostname in key.hosts %}
+{{ lookup('file', '../pubkeys/' + key.name) }}
+		{% endif %}
+	{% endfor %}
+{% endif %}