Verified Commit cecfd92e authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

archusers: preserve SSH keys of svn-* user accounts

These were previously removed temporarily and re-created several minutes
later during the process of deploying archusers to gemini.archlinux.org.
parent 255da5e8
......@@ -572,3 +572,9 @@ arch_users:
ssh_key: yan12125.pub
groups:
- tu
# utility accounts to protect from the "disable ssh keys of disabled users" task
utility_users:
gemini.archlinux.org:
- svn-packages
- svn-community
......@@ -39,8 +39,9 @@
find: paths="/home" file_type="directory"
register: all_users
# TODO: this removes the keys of svn-packages and svn-community on gemini temporarily. add some form of whitelist for those users?
- name: disable ssh keys of disabled users
file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent
when: item not in (arch_users_filtered | map(attribute='key'))
when:
- item not in (arch_users_filtered | map(attribute='key'))
- item not in (utility_users[inventory_hostname] | default([]))
with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment