Add ssh_keys role

17ef4af8 · Sven-Hendrik Haase · 7a931924 · 17ef4af8 · 17ef4af8 · 17ef4af8
Commit 17ef4af8 authored May 28, 2016 by Sven-Hendrik Haase
--- a/playbooks/orion.yml
+++ b/playbooks/orion.yml
@@ -7,4 +7,5 @@
    - common
    - tools
    - sshd
+    - ssh_keys
    - { role: borg-client, backup_host: "root@vostok.archlinux.org", backup_dir: "/backup/orion" }
--- a/playbooks/vostok.yml
+++ b/playbooks/vostok.yml
@@ -7,4 +7,5 @@
    - common
    - tools
    - sshd
+    - ssh_keys
    - { role: borg-server, backup_dir: "/backup", backup_clients: "orion" }
--- a/roles/install_arch/files/florian.pub
+++ b/roles/install_arch/files/florian.pub
--- a/roles/install_arch/files/sven.pub
+++ b/roles/install_arch/files/sven.pub
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -108,9 +108,14 @@
 - name: enable services inside chroot
  command: arch-chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved

+- set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}"
+  register: pubkeys
+  with_items: "{{ root_ssh_keys }}"
+
+- set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
+
 - name: add authorized key for root
-  authorized_key: user=root key="{{ item }}" path=/mnt/root/.ssh/authorized_keys
-  with_file: "{{ root_ssh_keys }}"
+  authorized_key: user=root key="{{ pubkey_string }}" path=/mnt/root/.ssh/authorized_keys exclusive=yes

 - name: configure sshd
  template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644

--- a/roles/ssh_keys/tasks/main.yml
+++ b/roles/ssh_keys/tasks/main.yml
+---
+
+- set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}"
+  register: pubkeys
+  with_items: "{{ root_ssh_keys }}"
+
+- set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
+
+- name: add authorized key for root
+  authorized_key: user=root key="{{ pubkey_string }}" exclusive=yes