main.yml (975B)
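---
# Provisions the base login account: primary group, user, ~/.ssh directory
# and authorized_keys entries.
# Inputs defined outside this file: base_group, base_user,
# base_extra_groups, base_ssh_keys.

- name: create base user group
  group:
    name: "{{ base_group }}"
    state: present

# `append` is not set, so the user module treats `groups` as the complete
# list of supplementary groups and drops memberships that are not in
# base_extra_groups.
- name: create base user
  user:
    name: "{{ base_user }}"
    group: "{{ base_group }}"
    groups: "{{ base_extra_groups }}"
    state: present
  # The registered result supplies the home directory used by later tasks.
  register: base_user_info

# sshd's StrictModes check (on by default) refuses keys when ~/.ssh or
# authorized_keys is writable by anyone but the owner, so both get
# owner-only modes. Modes are quoted so they reach Ansible as octal strings
# rather than depending on how the YAML parser types a bare 0700.
- name: ssh folder
  file:
    path: "{{ base_user_info.home }}/.ssh"
    state: directory
    mode: "0700"
    owner: "{{ base_user }}"
    group: "{{ base_group }}"

# Additive only: each entry of base_ssh_keys is appended when that exact
# line is missing. A key already in the file stays authorized after it is
# dropped from base_ssh_keys; it has to be removed explicitly, as the next
# task does for one key.
- name: Set authorized_keys
  lineinfile:
    path: "{{ base_user_info.home }}/.ssh/authorized_keys"
    owner: "{{ base_user }}"
    group: "{{ base_group }}"
    mode: "0600"
    line: "{{ item }}"
    create: true
  loop: "{{ base_ssh_keys }}"

# Revokes one retired key. The pattern is anchored at the start of the line,
# so an entry for the same key that begins with an options field (for
# example `from="..."`) does not match and would stay authorized.
# This task runs after the additions: if the key is still listed in
# base_ssh_keys it is re-added and removed on every run, so it must be
# dropped from that variable as well.
- name: Remove old keys if present
  lineinfile:
    path: "{{ base_user_info.home }}/.ssh/authorized_keys"
    owner: "{{ base_user }}"
    group: "{{ base_group }}"
    mode: "0600"
    state: absent
    regexp: '^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdfFPROEl6Q4RszLRry2mhJ3HUPNbxCw9igYT3XhAZ2'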