Initial commit

tasks/main.yml

@@ -0,0 +1,35 @@
+- name: Create users
+  loop: "{{ sftp_chroot }}"
+  user:
+        name: '{{ item.user }}'
+        shell: /usr/bin/nologin
+        home: '{{ item.home }}'
+        password_lock: no
+  tags:
+        - users
+        - sftp_chroot
+- name: Configure OpenSSH daemon
+  loop: "{{ sftp_chroot }}"
+  blockinfile:
+        path: /etc/ssh/sshd_config
+        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.user }}"
+        block: |
+                Match User seedbox
+                AuthorizedKeysFile /etc/ssh/authorized_keys/{{ item.user }}
+                ChrootDirectory {{ item.home }}
+                ForceCommand internal-sftp
+                AllowTcpForwarding no
+                X11Forwarding no
+                PasswordAuthentication no
+  notify: Run service actions
+  tags:
+        - sftp_chroot
+- name: Copy public keys
+  loop: "{{ sftp_chroot }}"
+  copy:
+        follow: yes
+        content: '{{ item.key }}'
+        dest: '/etc/ssh/authorized_keys/{{ item.user }}'
+  tags:
+        - keys
+        - sftp_chroot