From 03bc456dfa6e2ebcc6624660b0f315900e011fad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?=
Date: Sat, 7 Oct 2017 12:59:35 +0200
Subject: [PATCH] evolinux-base: allow ssh for current user
When you're not sure to have a proper ssh connection after install, you can keep the current user authorized. Example: when using vagrant This is disabled by default
---
 evolinux-base/README.md | 1 +
 evolinux-base/defaults/main.yml | 1 +
 evolinux-base/tasks/ssh.yml | 13 +++++++++++++
 3 files changed, 15 insertions(+)
diff --git a/evolinux-base/README.md b/evolinux-base/README.md
index 570e2313..dbcf7762 100644
--- a/evolinux-base/README.md
+++ b/evolinux-base/README.md
@@ -37,5 +37,6 @@ Main variables are:
 * `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
 * `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
 * `evolinux_ssh_disable_root`: disable SSH access for root (default: `False`)
+* `evolinux_ssh_allow_current_user`: don't lock yourself out (default: `False`)
 The full list of variables (with default values) can be found in `defaults/main.yml`.
diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml
index 174fc2d0..c5b09328 100644
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@@ -111,6 +111,7 @@ evolinux_ssh_include: True
 evolinux_ssh_password_auth_addresses: []
 evolinux_ssh_match_address: True
 evolinux_ssh_disable_acceptenv: True
+evolinux_ssh_allow_current_user: False
 # evolinux users
diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml
index 8094d8bc..20b93fed 100644
--- a/evolinux-base/tasks/ssh.yml
+++ b/evolinux-base/tasks/ssh.yml
@@ -35,4 +35,17 @@
 notify: reload sshd
 when: ansible_distribution_major_version | version_compare('9', '>=')
+- name: "Get current user"
+ command: logname
+ register: logname
+ check_mode: no
+ when: evolinux_ssh_allow_current_user
+
+- name: "Allow current user"
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "AllowUsers {{ logname.stdout }}"
+ insertafter: 'Subsystem'
+ when: evolinux_ssh_allow_current_user
+
 - meta: flush_handlers
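Review bot: The new "Allow current user" task edits `/etc/ssh/sshd_config` without `notify: reload sshd`, so unlike the task just above it, the following `flush_handlers` applies the change only if something else already queued the handler. Add `notify: reload sshd` and, because a malformed line here can break logins, `validate: '/usr/sbin/sshd -t -f %s'`. `AllowUsers` is an allow-list: if the file had no such directive before, adding one for `{{ logname.stdout }}` denies every other account once sshd reloads, unless tasks not visible in this hunk list the remaining users. `insertafter: 'Subsystem'` falls back to end of file when nothing matches, which may land inside a `Match` block where the directive applies only conditionally, so confirm this against the rest of ssh.yml. The "Get current user" task should carry `changed_when: False`, and an empty `logname.stdout` should skip the edit rather than be templated into the config.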