Add method to remove inactive SSH keys
parent
25dde4709b
commit
ea9fe5570f
|
@ -110,6 +110,8 @@ admin_users:
|
|||
uid: 500
|
||||
keys:
|
||||
- "ssh-ed25519 MyKey 2019-06"
|
||||
removed:
|
||||
- "ssh-ed25519 ObsoleteKey 2017-01"
|
||||
|
||||
# Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync)
|
||||
# > Uncomment to activate this functionality.
|
||||
|
|
|
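Review bot: The new `removed:` list under the `uid: 500` entry has no comment saying what it does or whether every `admin_users` entry must define it. As far as the visible tasks show, keys are only managed with `state: present` and `state: absent`, so a key that is merely deleted from `keys` stays in `authorized_keys` on hosts that were already provisioned. It has to be listed under `removed` to be revoked. I would add above the list `# Keys listed here are deleted from authorized_keys on the next run; move a retired key here instead of only deleting it from 'keys'.` The enclosing user entry starts outside this hunk.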
@ -838,6 +838,7 @@
|
|||
authorized_key:
|
||||
user: "{{ deploy_username }}"
|
||||
key: "{{ item.1 }}"
|
||||
state: present
|
||||
with_subelements:
|
||||
- "{{ admin_users }}"
|
||||
- keys
|
||||
|
@ -845,6 +846,18 @@
|
|||
- users
|
||||
- user-deploy
|
||||
|
||||
- name: remove authorized keys
|
||||
authorized_key:
|
||||
user: "{{ deploy_username }}"
|
||||
key: "{{ item.1 }}"
|
||||
state: absent
|
||||
with_subelements:
|
||||
- "{{ admin_users }}"
|
||||
- removed
|
||||
tags:
|
||||
- users
|
||||
- user-deploy
|
||||
|
||||
# admin_users
|
||||
- name: ensure user exists
|
||||
user:
|
||||
|
@ -890,6 +903,7 @@
|
|||
authorized_key:
|
||||
user: "{{ item.0.name }}"
|
||||
key: "{{ item.1 }}"
|
||||
state: present
|
||||
with_subelements:
|
||||
- "{{ admin_users }}"
|
||||
- keys
|
||||
|
@ -897,6 +911,18 @@
|
|||
- users
|
||||
- user-admin
|
||||
|
||||
- name: remove authorized keys
|
||||
authorized_key:
|
||||
user: "{{ item.0.name }}"
|
||||
key: "{{ item.1 }}"
|
||||
state: absent
|
||||
with_subelements:
|
||||
- "{{ admin_users }}"
|
||||
- removed
|
||||
tags:
|
||||
- users
|
||||
- user-deploy
|
||||
|
||||
- name: write bashrc to homedir
|
||||
template:
|
||||
src: var/home/user/bashrc.j2
|
||||
|
|
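Review bot: The second `remove authorized keys` task, the one with `user: "{{ item.0.name }}"`, is tagged `users` and `user-deploy`, while the admin task just before it is tagged `users` and `user-admin`; this looks copied from the deploy block. A run limited to `--tags user-admin` would then add keys but skip the removal, leaving a retired key authorized on the admin accounts, so the last tag should be `- user-admin`. Separately, both new tasks loop `with_subelements` over `removed`, which I would expect to fail for any `admin_users` entry lacking that list unless the lookup's `skip_missing` flag is set. The vars change shows only one entry gaining `removed`, so this needs checking against the other entries.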