evolinux-base: allow ssh for current user

When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default

evolinux-base/README.md

@@ -37,5 +37,6 @@ Main variables are:
 * `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
 * `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
 * `evolinux_ssh_disable_root`: disable SSH access for root (default: `False`)
+* `evolinux_ssh_allow_current_user`: don't lock yourself out (default: `False`)
 
 The full list of variables (with default values) can be found in `defaults/main.yml`.

evolinux-base/defaults/main.yml

@@ -111,6 +111,7 @@ evolinux_ssh_include: True
 evolinux_ssh_password_auth_addresses: []
 evolinux_ssh_match_address: True
 evolinux_ssh_disable_acceptenv: True
+evolinux_ssh_allow_current_user: False
 
 # evolinux users
 

evolinux-base/tasks/ssh.yml

@@ -35,4 +35,17 @@
   notify: reload sshd
   when: ansible_distribution_major_version | version_compare('9', '>=')
 
+- name: "Get current user"
+  command: logname
+  register: logname
+  check_mode: no
+  when: evolinux_ssh_allow_current_user
+
+- name: "Allow current user"
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: "AllowUsers {{ logname.stdout }}"
+    insertafter: 'Subsystem'
+  when: evolinux_ssh_allow_current_user
+
 - meta: flush_handlers