From b106621fbe2e9660f50bf5b126cf4b11122c0526 Mon Sep 17 00:00:00 2001
From: Karel van Klink <karel.vanklink@geant.org>
Date: Mon, 27 Mar 2023 14:57:11 +0200
Subject: [PATCH] Add SSH key to user

---
 README.md                             |  4 ++--
 roles/gap_utility_user/tasks/main.yml | 10 +++++++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index c572c5a..b63af0d 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ A -- very simple -- Ansible playbook that adds a new local user to `utility[\d+]
 
 Example usage of this playbook:
 ```
-ansible-playbook -i 127.0.0.1, playbook.yml -e "username=$USERNAME" -e "full_name=$YOUR_NAME" -k
+ansible-playbook -i 127.0.0.1, playbook.yml -e "username=$USERNAME" -e "full_name=$YOUR_NAME" -e "ssh_key_path=$YOUR_SSH_KEY" -k
 ```
 
-Remember to fill in the variables `$USERNAME` and `$YOUR_NAME`
+Remember to fill in the variables `$USERNAME`, `$YOUR_NAME`, and `$YOUR_SSH_KEY`.
diff --git a/roles/gap_utility_user/tasks/main.yml b/roles/gap_utility_user/tasks/main.yml
index f705e9a..fd0e439 100644
--- a/roles/gap_utility_user/tasks/main.yml
+++ b/roles/gap_utility_user/tasks/main.yml
@@ -4,11 +4,15 @@
     comment: "{{ full_name }}"
     groups: sudo
     append: yes
-    # generate_ssh_key: yes
-    # ssh_key_bits: 4096
-    # ssh_key_comment: "{{ username }}'s key"
+    password: '!'      #  Do not allow login with a password
+    password_lock: yes #  Login with SSH key only
   register: user_output
 
+- name: Add SSH key to user for logging in
+  ansible.posix.authorized_key:
+    user: "{{ username }}"
+    key: "{{ ssh_key_path }}"
+
 - name: Create new VM for development
   ansible.builtin.debug:
     msg: "Now, provision a new VM using Terraform"
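Review bot: In the new `Add SSH key to user for logging in` task, `key: "{{ ssh_key_path }}"` passes a file path, but `ansible.posix.authorized_key` expects the public key text itself (or a URL) in `key`, so the path from the README example will not produce a working `authorized_keys` entry. Reading the file on the controller fixes it: `key: "{{ lookup('file', ssh_key_path) }}"`. A comment such as `# ssh_key_path must point at the PUBLIC key (e.g. id_ed25519.pub), never the private key` would remove the ambiguity of `$YOUR_SSH_KEY`. Separately, the account joins `sudo` while `password: '!'` and `password_lock: yes` lock its password, so unless a NOPASSWD sudoers rule exists elsewhere (not visible in this hunk) the user cannot answer sudo's password prompt. The user-creation task begins above the hunk, so its module name and remaining options are not shown here.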
-- 
GitLab