feat: configure ssh connection on local machine on setup

2024-12-12 12:30:40 -03:00 · 2024-12-12 12:30:40 -03:00 · 449340969c
commit 449340969c
parent 6fa7d0fbd3
4 changed files with 77 additions and 49 deletions
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@ -1,24 +1,51 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/tasks.json

 - name: Setup users
-  loop: "{{ users }}"
+  loop: "{{ users | dict2items }}"
  ansible.builtin.user:
    state: present
-    name: "{{ item.name }}"
-    system: "{{ item.system }}"
-    shell: "{{ item.shell }}"
+    name: "{{ item.key }}"
+    system: "{{ item.value.system }}"
+    shell: "{{ item.value.shell }}"
    create_home: true
-    password: "{{ (item.password != '!' or item.password != '*') | ternary(item.password | password_hash('sha512'), item.password) }}"
-    groups: "{{ item.groups + (extra_groups | default([])) }}"
+    password: "{{ (item.value.password != '!' or item.value.password != '*') | ternary(item.value.password | password_hash('sha512'), item.value.password) }}"
+    groups: "{{ item.value.groups + (extra_groups | default([])) }}"

 - name: Add SSH public key to users
-  loop: "{{ users }}"
+  loop: "{{ users | dict2items }}"
  ansible.posix.authorized_key:
-    user: "{{ item.name }}"
+    user: "{{ item.key }}"
    state: present
    exclusive: true
-    key: "{{ item.ssh_keys.pub }}"
-    key_options: "{{ 'command=\"' + robo_allowed_commands | join('; ') + '\"' if robo_allowed_commands is defined and item.name == 'robo' else omit }}"
+    key: "{{ lookup('file', item.value.ssh_keys.pub) }}"
+    key_options: "{{ 'command=\"' + robo_allowed_commands | join('; ') + '\"' if robo_allowed_commands is defined and item.key == 'robo' else omit }}"
+
+- name: Configure SSH login for current user if present
+  vars:
+    user_name: "{{ lookup('env', 'USER') }}"
+    user_dir: "{{ lookup('env', 'HOME') }}"
+    current_user: "{{ users[user_name] | default(None) }}"
+  when: current_user
+  block:
+    - name: Save SSH Key in localhost
+      run_once: True
+      local_action:
+        module: copy
+        src: "{{ current_user.ssh_keys.priv }}"
+        dest: "{{ user_dir }}/.ssh/credentials/homelab"
+        owner: "{{ user_name }}"
+        group: "{{ user_name }}"
+        mode: '0600'
+
+    - name: Configure SSH host
+      local_action:
+        module: community.general.ssh_config
+        user: "{{ user_name }}"
+        host: "{{ inventory_hostname }}"
+        hostname: "{{ ansible_default_ipv4.address }}"
+        identity_file: "{{ user_dir }}/.ssh/credentials/homelab"
+        port: "{{ ansible_port | default(22) }}"
+        state: present

 - name: Disable password authentication for SSH
  become: true