Add users-ssh.yml

2025-09-11 15:59:16 +00:00
parent f4263ca004
commit 7c4533c95f
1 changed files with 37 additions and 0 deletions
--- a/users-ssh.yml
+++ b/users-ssh.yml
@@ -0,0 +1,37 @@
+- name: Ensure users exist and have SSH keys
+  hosts: all
+  become: true
+
+  vars:
+    users:
+      - name: automation
+        shell: /bin/bash
+        groups: [sudo]      # optional
+        password_lock: true # optional: no local password login
+        keys:
+          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@im.cz"
+
+      # add more users like:
+      # - name: deploy
+      #   keys:
+      #     - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... deploy@example"
+
+  tasks:
+    - name: Ensure user exists (creates home if missing)
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        shell: "{{ item.shell | default('/bin/bash') }}"
+        groups: "{{ (item.groups | default([])) | join(',') if (item.groups | default([])) else omit }}"
+        append: true
+        create_home: true
+        password_lock: "{{ item.password_lock | default(omit) }}"
+        state: present
+      loop: "{{ users }}"
+
+    - name: Install authorized SSH keys
+      ansible.builtin.authorized_key:
+        user: "{{ item.0.name }}"
+        key: "{{ item.1 }}"
+        state: present
+        manage_dir: true   # ensures ~/.ssh exists with correct perms
+      loop: "{{ users | subelements('keys', skip_missing=True) }}"