diff --git a/README.md b/README.md
index 217647dd84b8302794da2e7ffd80cf4c31ca7bb8..d73a8e75875480356d1f96e117b9abed6ccd9005 100644
--- a/README.md
+++ b/README.md
@@ -39,11 +39,16 @@ yunohost:
firstname: Jane
lastname: Doe
domain: {{ domain }}
- - name: user1 # user which uses the first extra_domain for its account
+ - name: user2 # user which uses the first extra_domain for its account
pass: p@ssw0rd
- firstname: Jane
+ firstname: John
lastname: Doe
domain: {{ extra_domain.[1] }}
+ admin_users:
+ - name: admin # user generated by yunohost as its admin user
+ key: ssh-rsa ... # key for admin user
+ - name: user1 # user generated by yunohost and defined by you
+ key: ssh-rsa ... # key for
```
Dependencies
diff --git a/default/main.yml b/default/main.yml
index 3f3a500a0f99e2aae9243b74b39d04fb3a3a7ff0..80bb4c5599984380b922f52fc3c119efc3f5925f 100644
--- a/default/main.yml
+++ b/default/main.yml
@@ -6,3 +6,4 @@ yunohost:
ignore_dyndns: False
apps: ~
users: ~
+ admin_users:
diff --git a/tasks/admin_users.yml b/tasks/admin_users.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b515866fbe4b5ffdd60d5a8e4a41eda04632c759
--- /dev/null
+++ b/tasks/admin_users.yml
@@ -0,0 +1,13 @@
+---
+- name: add sshkey for admin user:
+ ansible.posix.authorized_key:
+ user: "{{ item.name }}"
+ state: present
+ key: "{{ item.key }}"
+ loop: "{{ yunohost.admin_users }}"
+
+- name: Disable Password Authentication for ssh.usage
+ ansible.builtin.replace:
+ path: /etc/ssh/sshd_config
+ regex: PasswordAuthentication
+ replace: 'PasswordAuthentication no\1'
diff --git a/tasks/main.yml b/tasks/main.yml
index b01d51bdcd798541a4d633bf6c597f091aefdce6..2dbc71ae1741b1ad45566e1e5e3d132aa2cb017e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -45,6 +45,10 @@
ansible.builtin.include: users.yml
when: yunohost.users
+- name: Add ssh for admin user
+ ansible.builtin.include: admin_users.yml
+ when: yunohost.admin_users is defined
+
- name: Install apps
ansible.builtin.include: apps.yml
when: yunohost.apps