
improve role

pull/3/head
Lilian Roller 3 months ago
parent
commit
fc20454b53
3 changed files with 6 additions and 4 deletions
  1. 2
    0
      defaults/main.yml
  2. 2
    2
      tasks/main.yml
  3. 2
    2
      templates/authorized_keys.j2

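--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,8 @@ ssh_public_key_store: 'ssh_public_keys'
 # all admins on this host
 admins: [] 
 
+admins_ssh_root_prefix: "{{ admins }}"
+
 # all users including their ssh keys, which may want to log in
 users: {}
 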
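Review bot: The new default `admins_ssh_root_prefix` has no comment, unlike the `admins` and `users` defaults around it, and its name does not say that it selects whose public keys end up in the authorized_keys files rendered for `root` and `ansible` in tasks/main.yml. The template globs `'{}/{}*_*.pub'` with each entry, so an entry works as a filename prefix and a short value also matches key files of any other user whose name starts with it. I would add above it `# key-file name prefixes whose keys are installed for root and ansible; defaults to all admins` and state that entries should be complete user names unless the wider match is intended.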

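--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -18,7 +18,7 @@
     mode: "u=rw,g=,o="
   vars:
     local_user: 'root' 
-    remote_users: '{{ admins }}'
+    remote_users: '{{ admins_ssh_root_prefix }}'
     restict_ssh_root_access: true
 
 - name: Add admin group
@@ -82,7 +82,7 @@
     mode: "u=rw,g=,o="
   vars:
     local_user: 'ansible' 
-    remote_users: '{{ admins }}'
+    remote_users: '{{ admins_ssh_root_prefix }}'
 
 - name: Copy .bashrc for user ansible
   become: yes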
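Review bot: Both hunks set `remote_users` from the same `admins_ssh_root_prefix`, so a variable named for root access now also decides whose keys are accepted for the `ansible` account, and the second task's visible vars do not set `restict_ssh_root_access`. An operator who overrides the list to change who can reach root will change the unrestricted `ansible` key set as well, probably without noticing. A separate default for the second task that also falls back to `"{{ admins }}"` (for example a suggested name `admins_ssh_ansible_prefix`) would keep the two decisions independent; otherwise rename the variable so it does not mention root only. Both tasks begin above their hunks, so the rest of their arguments is not visible here.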

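--- a/templates/authorized_keys.j2
+++ b/templates/authorized_keys.j2
@@ -3,8 +3,8 @@
 {% for user_name in remote_users|sort %}
 # {{ user_name }}
 {% for keyfile in lookup('fileglob', '{}/{}*_*.pub'.format(ssh_public_key_store, user_name), wantlist=True) %}
-{% if restict_ssh_root_access %}no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo '{{ ssh_root_login_warning }}';echo;sleep 10"{%
-endif %} {{ lookup('file', keyfile) }}
+{% if restict_ssh_root_access %}no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo '{{ ssh_root_login_warning }}';echo;sleep 10" {%
+endif %}{{ lookup('file', keyfile) }}
 {% endfor %}
 {% endfor %}
 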
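Review bot: `ssh_root_login_warning` is rendered unescaped inside `command="echo '…'"` on the new line 6, so a warning text containing `'` or `"` would close the quoting early and alter the forced command or the whole options field of every restricted key. Where the value is defined is not visible here; the role should either assert that it contains neither quote character or escape it before rendering. The option list also lacks `no-pty`; on OpenSSH versions that support it, starting the list with `restrict,` and keeping `command="…"` covers that and any restriction added later. A short Jinja comment stating that the space now sits inside the `if` branch so unrestricted lines begin directly with the key type would explain the whitespace move.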
