added ssh_keys, thinking of a way to automate unique ssh_key creation with vault storage backend

2023-03-24 23:40:02 +01:00 · 2023-03-24 23:40:02 +01:00 · d2e33bf27f
commit d2e33bf27f
parent 3e33013362
2 changed files with 16 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -5,4 +5,6 @@ provision_ansible_user_password: supersecretpassword
 provision_ansible_user_is_system: true
 provision_ansible_user_shell: /bin/bash
 provision_ansible_user_sudoer: false
-provision_ansible_user_ssh_keys: []
+provision_ansible_user_ssh_key:
+provision_ansible_user_ssh_key_options: ""
+provision_ansible_user_ssh_key_exclusive: true
--- a/tasks/create_user.yml
+++ b/tasks/create_user.yml
@ -8,3 +8,16 @@
    shell: "{{ provision_ansible_user_shell }}"
    system: "{{ provision_ansible_user_is_system }}"
    create_home: true
+
+- name: "Add user to sudoers"
+  ansible.builtin.copy:
+    dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}"
+    mode: 0640
+    content: "{{ provision_ansible_user_name }}  ALL=(ALL)  NOPASSWD: ALL"
+
+- name: "Add key to authorized_keys"
+  user: "{{ provision_ansible_user_name }}"
+  key: "{{ provision_ansible_user_ssh_key }}"
+  comment: "ansible@{{ ansible_hostname }}"
+  key_options: "{{ provision_ansible_user_ssh_key_options }}"
+  exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"