  • v0.4.0 59eae1ec71

    v0.4.0 Pre-release

    marcus released this 2026-01-12 19:24:30 +01:00 | 8 commits to main since this release

    Added

    • Optionally configure sshd trusted-user certificate authorities and per-account principals so hosts can accept signed SSH certificates.
    • Allow nixconfig_accounts entries to declare authorized_principals, wiring the generated principals files into sshd signed-certificate support automatically.

    Changed

    • Consolidated account management into dedicated include files (accounts.yml, accounts_users.yml, etc.) and moved SSH identity handling into sshd_global.yml / sshd_identities.yml so OS-agnostic orchestration lives in tasks/main.yml.
    • Replaced nixconfig_system_users_present, nixconfig_users_present, and nixconfig_users_absent with a single nixconfig_accounts list that captures state/system/sudo/keys/principals in one place.
    • Retagged account-related tasks from nixconfig:users to nixconfig:accounts for consistency with variables and task names.

    Fixed

    • Restored fine-grained tag coverage: nixconfig:sshd now reaches user/group match templates and nixconfig:accounts:* tags consistently hit present/absent flows and their SSH helpers even with selective --tags runs.
    • Replaced deprecated top-level fact references with ansible_facts[...] lookups to silence INJECT_FACTS_AS_VARS warnings and stay compatible with Ansible 2.24+.