Adding option for configuring a secondary account

2022-08-25 09:30:20 -06:00 · 2022-08-25 09:30:20 -06:00 · 17d06adb73
commit 17d06adb73
parent c1656f82ec
4 changed files with 34 additions and 24 deletions
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@ -8,12 +8,18 @@
 # General
 # =======

-# User that should have the authorized keys added
+# User that should be configured for future management
 base_core_management_user: "{{ ansible_user }}"

+# Secondary user that may be configured for future management
+base_core_secondary_user: ""
+
 # If enabled, the password for the management user account will be disabled
 base_core_management_user_disable_password: false

+# If enabled, the password for the secondary user account will be disabled
+base_core_secondary_user_disable_password: false
+
 # Install all available updates at runtime
 base_core_install_updates: true

@ -53,9 +59,6 @@ base_core_root_ca_url: ""
 # SSH
 # ===

-# Added the public keys to an additional user if defined
-base_core_ssh_public_keys_user: ""
-
 # Allow ssh root login
 base_core_ssh_permit_root_login: false

--- a/roles/base/tasks/core.yml
+++ b/roles/base/tasks/core.yml
@ -83,3 +83,9 @@
    name: "{{ base_core_management_user }}"
    password_lock: yes
  when: base_core_management_user_disable_password == true
+
+- name: Disable password for secondary management account
+  user:
+    name: "{{ base_core_secondary_user }}"
+    password_lock: yes
+  when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true
--- a/roles/base/tasks/core_ssh.yml
+++ b/roles/base/tasks/core_ssh.yml
@ -30,12 +30,12 @@

 - name: Setup authorized keys for secondary user
  authorized_key:
-    user: "{{ base_core_ssh_public_keys_user }}"
+    user: "{{ base_core_secondary_user }}"
    state: present
    key: '{{ lookup("file", item) }}'
  with_fileglob:
    - "public_keys/*"
-  when: base_core_ssh_public_keys_user != ""
+  when: base_core_secondary_user != ""
  tags:
  - authorized_key