From 7c4533c95f16e7cfca45fcc7e6e89181f36ae82a Mon Sep 17 00:00:00 2001
From: jakub
Date: Thu, 11 Sep 2025 15:59:16 +0000
Subject: [PATCH] Add users-ssh.yml
---
users-ssh.yml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 users-ssh.yml
diff --git a/users-ssh.yml b/users-ssh.yml
new file mode 100644
index 0000000..8a5b30a
--- /dev/null
+++ b/users-ssh.yml
@@ -0,0 +1,37 @@
+- name: Ensure users exist and have SSH keys
+ hosts: all
+ become: true
+
+ vars:
+ users:
+ - name: automation
+ shell: /bin/bash
+ groups: [sudo] # optional
+ password_lock: true # optional: no local password login
+ keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@im.cz"
+
+ # add more users like:
+ # - name: deploy
+ # keys:
+ # - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... deploy@example"
+
+ tasks:
+ - name: Ensure user exists (creates home if missing)
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ groups: "{{ (item.groups | default([])) | join(',') if (item.groups | default([])) else omit }}"
+ append: true
+ create_home: true
+ password_lock: "{{ item.password_lock | default(omit) }}"
+ state: present
+ loop: "{{ users }}"
+
+ - name: Install authorized SSH keys
+ ansible.builtin.authorized_key:
+ user: "{{ item.0.name }}"
+ key: "{{ item.1 }}"
+ state: present
+ manage_dir: true # ensures ~/.ssh exists with correct perms
+ loop: "{{ users | subelements('keys', skip_missing=True) }}"
\ No newline at end of file
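Review bot: The `Install authorized SSH keys` task only ever adds keys: without `exclusive: true`, a key deleted from a user's `keys` list stays in `authorized_keys` on every host, which matters here because `automation` is in `sudo` and the play targets `hosts: all`. `exclusive` is not loop-aware, so it cannot simply be added to the per-key `subelements` loop; the task would need to loop per user and pass all of that user's keys in a single `key` value, as sketched below. Doing so also removes keys installed outside this playbook, so confirm that is the intended policy. Separately, `password_lock: true` combined with `sudo` membership presumably relies on a NOPASSWD sudoers rule defined elsewhere; a comment in `vars` saying where that rule lives would help the next reader.

```yaml
    - name: Install authorized SSH keys
      ansible.builtin.authorized_key:
        user: "{{ item.name }}"
        # all of the user's keys in one batch, because exclusive is applied per loop iteration
        key: "{{ item['keys'] | join('\n') }}"
        exclusive: true
        # … unchanged: state, manage_dir …
      loop: "{{ users }}"
      # membership test, since a dict always exposes a .keys method to Jinja
      when: "'keys' in item"
```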