forked from rciam/rciam-deploy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauthzkeys.yml
41 lines (39 loc) · 1.42 KB
/
authzkeys.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# file: authzkeys.yml
#
# Playbook for managing SSH authorized keys in ~/.ssh/authorized_keys.
#
# The `authz_keys_paths` variable needs to be defined to specify the paths
# to files containing the public keys. You can include keys based on matching
# files or specifying individual paths.
#
# Example using patterns to match files:
# authz_keys_paths:
# - "{{ inventory_dir }}/files/authorized_keys/devs/*.pub"
# - "{{ inventory_dir }}/files/authorized_keys/ops/*.pub"
#
# Example using multiple paths:
# authz_keys_paths:
# - "{{ inventory_dir }}/files/authorized_keys/devs/alice.pub"
# - "{{ inventory_dir }}/files/authorized_keys/ops/bob.pub"
#
# N.B. The playbook will *remove* all other non-specified keys from the
# authorized_keys file. Defining authz_keys_paths as an empty list
# will result in an *empty* authorized_keys file
#
---
- name: Create authorized keys
hosts: all
tasks:
- name: Set list fact
ansible.builtin.set_fact:
authzkeys_list: "{{ lookup('file', item) }}"
register: authzkeys
with_fileglob: "{{ authz_keys_paths }}"
- name: Set string fact
ansible.builtin.set_fact:
authzkeys_string: "{{ authzkeys.results | map(attribute='ansible_facts.authzkeys_list') | join('\n') }}"
- name: Create key
ansible.posix.authorized_key: # noqa syntax-check[unknown-module]
user: "{{ ansible_user }}"
key: "{{ authzkeys_string }}"
exclusive: true