From 906868f34e0f9879f1cbaa7e7d305b6762540d4e Mon Sep 17 00:00:00 2001
From: Julian Rother
Date: Tue, 21 Jan 2025 21:01:36 +0100
Subject: [PATCH] Deploy ssh authorized keys

---
 defaults/main.yml                | 2 ++
 tasks/main.yml                   | 8 ++++++++
 tasks/tenant.yml                 | 8 ++++++++
 templates/ssh_authorized_keys.j2 | 7 +++++++
 4 files changed, 25 insertions(+)
 create mode 100644 templates/ssh_authorized_keys.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index bdb26d0..d216110 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,6 +8,8 @@ php_tenants: {}
 # fpm_pool:
 # : ...
 
+php_tenant_ssh_keys: {}
+
 php_tenants_fpm_pool_defaults:
   # Overwritten in template:
   #user: www-{{ tenant.name }}
diff --git a/tasks/main.yml b/tasks/main.yml
index c29b2f7..a48342c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,3 +1,11 @@
+- name: Create ssh key directory
+  ansible.builtin.file:
+    path: /etc/ssh/www_authorized_keys
+    owner: root
+    group: root
+    state: directory
+    mode: "0755"
+
 - name: Setup tenants
   loop: "{{ php_tenants|dict2items(key_name='name', value_name='options') }}"
   loop_control:
diff --git a/tasks/tenant.yml b/tasks/tenant.yml
index 90d563c..fd6c9bd 100644
--- a/tasks/tenant.yml
+++ b/tasks/tenant.yml
@@ -40,3 +40,11 @@
     name: 'www-{{ tenant.name }}'
     priv: 'www-{{ tenant.name }}-%.*:ALL PRIVILEGES'
     plugin: unix_socket
+
+- name: 'Write ssh authorized_keys file for user www-{{ tenant.name }}'
+  ansible.builtin.template:
+    src: ssh_authorized_keys.j2
+    dest: "/etc/ssh/www_authorized_keys/www-{{ tenant.name }}"
+    owner: root
+    group: 'www-{{ tenant.name }}'
+    mode: 0640
diff --git a/templates/ssh_authorized_keys.j2 b/templates/ssh_authorized_keys.j2
new file mode 100644
index 0000000..70cf1d3
--- /dev/null
+++ b/templates/ssh_authorized_keys.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+{% for key_name in tenant.options.ssh_keys|d([]) %}
+#{{ key_name }}
+{{ php_tenant_ssh_keys[key_name] }}
+
+{% endfor %}
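Review bot: The new `php_tenant_ssh_keys: {}` default in defaults/main.yml is added without a comment, while the surrounding block documents the `php_tenants` options, and the per-tenant `ssh_keys` list that templates/ssh_authorized_keys.j2 reads from `tenant.options` is not mentioned in that block either. I would put `# Named public keys, each value one complete authorized_keys line; a tenant selects them by name in its ssh_keys list` above the new variable and extend the php_tenants example with a line such as `#     ssh_keys: [key_a, key_b]` (names are placeholders). Because the template indexes with `php_tenant_ssh_keys[key_name]`, a name listed by a tenant but absent from this mapping fails the play instead of silently yielding an empty file, which is worth stating in the same comment.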
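Review bot: `mode: 0640` on the last added line of tasks/tenant.yml is an unquoted plain scalar, whereas the directory task added to tasks/main.yml in the same patch writes `mode: "0755"`; Ansible accepts a leading-zero integer as octal, but the quoted string is the documented safe spelling and keeps the two tasks consistent, so change it to `mode: "0640"`. Nothing in the patch points sshd at /etc/ssh/www_authorized_keys, so presumably an `AuthorizedKeysFile` directive is managed elsewhere; a comment on the task naming where that is configured would save the next reader a search. Note also that files are only written for tenants currently in `php_tenants`: a tenant removed from the dict keeps its authorized_keys file in this directory until someone deletes it by hand, which, as far as this patch shows, may warrant a cleanup step.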
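Review bot: The comment line `#{{ key_name }}` in templates/ssh_authorized_keys.j2 has no space after `#`, unlike the `# {{ ansible_managed }}` header two lines above; write `# {{ key_name }}` for consistency. The template emits `php_tenant_ssh_keys[key_name]` verbatim, so each value must be a complete authorized_keys line (key type, key, optional comment, and any options such as `restrict` or `from=`), and a value containing a newline would add an extra line to the file; a header comment stating that contract, e.g. `{# each value of php_tenant_ssh_keys is one full authorized_keys line #}`, would make it explicit. Because the lookup uses indexing rather than a default filter, a tenant naming an unknown key aborts the template with an undefined-variable error, which is the safer failure mode and deserves a word in the same comment.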