Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
---
|
|
# SSH Authorized Keys Management
|
|
# Deploys authorized_keys to all ubuntu hosts based on ssh_authorized_users variable
|
|
#
|
|
# Usage:
|
|
# ansible-playbook auth_keys.yml
|
|
#
|
|
# Override exclusive mode (removes unlisted keys):
|
|
# ansible-playbook auth_keys.yml -e "ssh_exclusive_mode=true"
|
|
#
|
|
# Target specific host:
|
|
# ansible-playbook auth_keys.yml --limit ariel.incus
|
|
#
|
|
# Variables defined in: inventory/group_vars/all/auth_keys.yml
|
|
|
|
- name: Manage SSH Authorized Keys
|
|
hosts: ubuntu
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Ensure .ssh directory exists for each user
|
|
ansible.builtin.file:
|
|
path: "/home/{{ item.name }}/.ssh"
|
|
state: directory
|
|
mode: '0700'
|
|
owner: "{{ item.name }}"
|
|
group: "{{ item.name }}"
|
|
loop: "{{ ssh_authorized_users }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
|
|
- name: Deploy authorized keys (additive mode)
|
|
ansible.posix.authorized_key:
|
|
user: "{{ item.0.name }}"
|
|
key: "{{ item.1 }}"
|
|
state: present
|
|
exclusive: false
|
|
loop: "{{ ssh_authorized_users | subelements('keys') }}"
|
|
loop_control:
|
|
label: "{{ item.0.name }}: {{ item.1 | truncate(50) }}"
|
|
when: not ssh_exclusive_mode
|
|
|
|
- name: Deploy authorized keys (exclusive mode)
|
|
ansible.posix.authorized_key:
|
|
user: "{{ item.name }}"
|
|
key: "{{ item.keys | join('\n') }}"
|
|
state: present
|
|
exclusive: true
|
|
loop: "{{ ssh_authorized_users }}"
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
when: ssh_exclusive_mode
|
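Review bot: `key: "{{ item.keys | join('\n') }}"` in the exclusive-mode task most likely resolves `item.keys` to the dict's built-in `keys()` method rather than the user's `keys` list, because Jinja2 attribute lookup tries `getattr` before item access; the `join` filter then fails on a non-iterable, so the one task meant to remove stale keys never completes. Bracket access avoids the clash, matching what the additive task already does through `subelements('keys')`: `key: "{{ item['keys'] | join('\n') }}"`. A related point: both `when:` guards use `ssh_exclusive_mode` raw, and a value supplied with `-e` arrives as a string, so `-e "ssh_exclusive_mode=false"` makes `not ssh_exclusive_mode` evaluate to false as well and neither deploy task runs, leaving hosts untouched with no failure reported; `when: not (ssh_exclusive_mode | bool)` and `when: ssh_exclusive_mode | bool` make both paths explicit. It would also help to state in the header comment that additive mode never revokes anything, so dropping a user or key from `ssh_authorized_users` has no effect on hosts until an exclusive run.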