0
0
ssh-key-rotation-role/tasks/main.yaml

51 lines
1.4 KiB
YAML

---
- name: Check if the passphrase inputs match
assert:
that:
- "{{ passphrase == confirm_passphrase }}"
fail_msg: "Passphrase inputs do not match"
when: passphrase != confirm_passphrase
- import_tasks: generate_key.yaml
when: generate_new_key | default(True)
- name: Ensure that ssh connection key is defined
assert:
that: ssh_connection_key is defined
- name: Set Authorized key(s) to the authorized keys file
become: true
when: ssh_connection_key is defined
authorized_key:
exclusive: '{{ is_exclusive }}'
user: '{{ ssh_host_user }}'
state: present
path: '/home/{{ ssh_host_user }}/{{ authorized_keys_path }}'
manage_dir: '{{ should_manage_dir }}'
key: "{{ ssh_connection_key }}"
- name: copy
when: generate_new_key != true
copy:
content: "{{ ssh_connection_key }}"
dest: "{{ ssh_key_path }}"
- name: Add deployment key
when: ssh_deployment_key is defined
become: yes
become_user: root
authorized_key:
user: '{{ ssh_host_user }}'
state: present
path: '/home/{{ ssh_host_user }}/{{ authorized_keys_path }}'
manage_dir: '{{ should_manage_dir }}'
key: "{{ ssh_deployment_key }}"
- name: Set ownership and permissions for SSH private key
ansible.builtin.file:
path: '/home/{{ ssh_host_user }}/{{ ssh_key_path }}'
owner: 1000
group: 1000
mode: 0600
delegate_to: localhost