create-user: glob controller keys, lint

2025-03-16 18:59:33 -05:00 · 2025-03-16 18:59:33 -05:00 · 5ffe2b9be1
commit 5ffe2b9be1
parent 7f1d80741c
1 changed files with 13 additions and 14 deletions
--- a/roles/create-user/tasks/main.yml
+++ b/roles/create-user/tasks/main.yml
@ -1,8 +1,8 @@
 ---

- name: Create user {{ create_username }}
+- name: "Ensure '{{ create_username }}'"
  become: true
-  user:
+  ansible.builtin.user:
    name: "{{ create_username }}"
    password: "{{ create_pwgen | password_hash('sha512') }}"
    state: present
@ -18,13 +18,11 @@

 - name: Ensure 'sudo' package is installed
  become: true
-  ansible.builtin.package:
-    name: sudo
-    state: present
+  ansible.builtin.package: { name: sudo, state: present }

- name: enable nopasswd sudo
+- name: Enable nopasswd sudo
  become: true
-  lineinfile:
+  ansible.builtin.lineinfile:
    dest: /etc/sudoers
    regexp: '^{{ create_username }}'
    line: "{{ create_username }}   ALL=(ALL:ALL) NOPASSWD:ALL"
@ -32,14 +30,15 @@
    state: present
    validate: 'visudo -cf %s'

- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys
-  authorized_key:
+- name: "Copy '~/.ssh/id_*.pub' (on controller) to authorized_keys for '{{ create_username }}'"
+  tags: ['keys']
+  ansible.posix.authorized_key:
    user: "{{ create_username }}"
    state: present
-    key: "{{ item }}"
-#    key: "{{ URL_PUBKEYS }}"
-  ignore_errors: true # doesn't support sk-ecdsa-sha2-nistp256 keys
-  with_items:
-    - "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
+    key: "{{ lookup('file', item) }}"
+  with_fileglob:
+    - "{{ '~/.ssh/id_*.pub' }}"
+#  with_items:
+#    - "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
 #    - "{{ lookup('file','~/.ssh/id_ecdsa_sk.pub') }}"
 #    - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"