sftpuser: Initial version of role

2021-09-16 19:44:29 +00:00 · 2021-09-16 19:44:29 +00:00 · c6faecb1b1
commit c6faecb1b1
parent 5d8bf1c994
2 changed files with 37 additions and 0 deletions
--- a/roles/sftpuser/meta/main.yml
+++ b/roles/sftpuser/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: sshd}
--- a/roles/sftpuser/tasks/main.yml
+++ b/roles/sftpuser/tasks/main.yml
@ -0,0 +1,34 @@
+---
+- name: "create group {{ user }}"
+  group:
+    name: "{{ user }}"
+    system: true
+
+- name: "create user {{ user }}"
+  user:
+    name: "{{ user }}"
+    comment: "Service {{ user }}"
+    createhome: false
+    group: "{{ user }}"
+    home: /var/empty
+    shell: /sbin/nologin
+    system: true
+
+- name: "create authorized_keys for {{ user }}"
+  copy:
+    dest: "/etc/ssh/authorized_keys.{{ user }}"
+    content: "{{ publickeys | join('\n') + '\n'}}"
+    mode: 0640
+    owner: root
+    group: "{{ user }}"
+
+- name: configure sshd chroot
+  blockinfile:
+    path: /etc/ssh/sshd_config
+    block: |
+      Match User {{ user }}
+        ChrootDirectory {{ chroot }}
+        ForceCommand internal-sftp
+        AuthorizedKeysFile /etc/ssh/authorized_keys.{{ user }}
+    validate: "sshd -t -f %s"
+  notify: restart sshd