Add the SSH role to the users-update playbook #92 fixed

Jack Ivanov 2016-10-06 20:39:53 +03:00
parent ad9d7d6ddb
commit 105cb601e4


@ -18,7 +18,7 @@
- name: "ssh_tunneling_enabled" - name: "ssh_tunneling_enabled"
prompt: "Do you want each user to have their own account for SSH tunneling? (y/n):\n" prompt: "Do you want each user to have their own account for SSH tunneling? (y/n):\n"
default: "y" default: "n"
private: no private: no
- name: "easyrsa_p12_export_password" - name: "easyrsa_p12_export_password"
@ -56,6 +56,9 @@
- set_fact: - set_fact:
IP_subject_alt_name: "{{ IP_subject }}" IP_subject_alt_name: "{{ IP_subject }}"
roles:
- { role: ssh_tunneling, tags: [ 'ssh_tunneling' ], when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }
tasks: tasks:
- name: Build the client's pair - name: Build the client's pair
shell: > shell: >
@ -123,33 +126,6 @@
# SSH # SSH
- name: SSH | Ensure that the system users exist
user:
name: "{{ item }}"
groups: algo
home: '/var/jail/{{ item }}'
createhome: yes
generate_ssh_key: yes
shell: /bin/false
ssh_key_type: rsa
ssh_key_bits: 2048
ssh_key_comment: '{{ item }}@{{ IP_subject_alt_name }}'
ssh_key_passphrase: "{{ easyrsa_p12_export_password }}"
state: present
append: yes
with_items: "{{ users }}"
when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"
- name: SSH | The authorized keys file created
file:
src: '/var/jail/{{ item }}/.ssh/id_rsa.pub'
dest: '/var/jail/{{ item }}/.ssh/authorized_keys'
owner: "{{ item }}"
group: "{{ item }}"
state: link
with_items: "{{ users }}"
when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"
- name: SSH | Get active system users - name: SSH | Get active system users
shell: > shell: >
getent group algo | cut -f4 -d: | sed "s/,/\n/g" getent group algo | cut -f4 -d: | sed "s/,/\n/g"
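Review bot: The `when:` on the role entry added in the second hunk (`@ -56,6 +56,9 @`) matches only the exact string `"y"`, while the `ssh_tunneling_enabled` prompt in the first hunk accepts free text, so an answer such as `Y` skips the `ssh_tunneling` role without any message. Normalising the answer before comparing avoids that: `when: ssh_tunneling_enabled | default('n') | lower == 'y'`. Separately, the last hunk removes the inline tasks that gave each tunnelling account `shell: /bin/false`, a home under `/var/jail` and a passphrase on the generated key. The role's own tasks are not shown on this page, so it is worth confirming that the role applies the same restrictions when it is run from this playbook. The play continues outside the hunks shown here.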