
---
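# Per-host client config and key material live under
# ~/.ssh/conf.d/<sshd.config_path> on the controller, so this and the other
# local tasks run with delegate_to: localhost and without privilege escalation.
- name: Ensure ssh config dir exists
  delegate_to: localhost
  become: false
  ansible.builtin.file:
    path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}"
    state: directory
    # NOTE(review): owner/group are taken from $USER, which can be unset in
    # non-interactive runs (cron, CI); an empty value makes the module fail.
    owner: "{{ lookup('env', 'USER') }}"
    group: "{{ lookup('env', 'USER') }}"
    # Quoted so the octal literal is not read as an integer by YAML.
    mode: '0700'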
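# Generates a per-host ECDSA (nistp521) key pair on the controller and
# registers the result; later tasks read ssh_keygen.public_key and
# ssh_keygen.filename.
- name: Generate local SSH key pair
  delegate_to: localhost
  become: false
  community.crypto.openssh_keypair:
    backend: opensshbin
    comment: "{{ ansible_user }}@{{ static_fqdn }}"
    # Private key must stay readable by the owner only.
    mode: '0600'
    # NOTE(review): the passphrase is inventory/vars data; keep the variable
    # vault-encrypted so it never lands in plaintext in VCS or logs.
    passphrase: "{{ ssh_keygen_passphrase }}"
    path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}"
    # full_idempotence replaces the key whenever comment/size/type change
    # (e.g. ansible_user or static_fqdn changes), not only when it is missing.
    regenerate: full_idempotence
    size: 521
    state: present
    type: ecdsa
  register: ssh_keygen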
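# Runs on the target (not delegated): installs the generated public key for
# the connecting user. state: present only adds the key, so public keys left
# over from earlier regenerations are not removed; pruning them is a
# deliberate step (note that exclusive: true would drop every other key).
- name: Copy SSH pubkey to target
  ansible.posix.authorized_key:
    key: "{{ ssh_keygen.public_key }}"
    user: "{{ ansible_user }}"
    state: present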
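# Writes a dedicated client config snippet for this host on the controller,
# pointing at the key generated above.
- name: Add local ssh client config
  delegate_to: localhost
  become: false
  community.general.ssh_config:
    # `omit` only works as a whole option value; embedded in a string it
    # leaves the literal omit placeholder in the Host line. Build the alias
    # list from the defined parts instead (select drops the empty nickname).
    host: "{{ [sshd.nickname | default(''), static_fqdn] | select | join(' ') }}"
    hostname: "{{ static_fqdn }}"
    identity_file: "{{ ssh_keygen.filename }}"
    # Quoted default keeps the value a string until the module casts it.
    port: "{{ sshd.listen.port | default('22') }}"
    remote_user: "{{ ansible_user }}"
    ssh_config_file: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
    state: present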
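# Makes the per-host snippet visible to the default ssh client config.
- name: Include generated ssh config in default config file
  delegate_to: localhost
  become: false
  ansible.builtin.lineinfile:
    path: "{{ lookup('env', 'HOME') }}/.ssh/config"
    line: "Include {{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
    mode: '0600'
    state: present
    create: true
    # Group with existing Include lines. NOTE(review): when no Include line
    # exists yet, lineinfile appends at EOF; in ssh_config an Include that
    # follows a Host/Match block is scoped to that block rather than global.
    # Confirm the first insertion lands before any Host block (insertbefore:
    # BOF is the safer choice for that case).
    insertafter: '^Include\s.*$'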