Commit 17ef4af8 authored by Sven-Hendrik Haase

Add ssh_keys role

parent 7a931924
......@@ -7,4 +7,5 @@
- common
- tools
- sshd
- ssh_keys
- { role: borg-client, backup_host: "root@vostok.archlinux.org", backup_dir: "/backup/orion" }
......@@ -7,4 +7,5 @@
- common
- tools
- sshd
- ssh_keys
- { role: borg-server, backup_dir: "/backup", backup_clients: "orion" }
......@@ -108,9 +108,14 @@
- name: enable services inside chroot
command: arch-chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved
- set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}"
register: pubkeys
with_items: "{{ root_ssh_keys }}"
- set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
- name: add authorized key for root
authorized_key: user=root key="{{ item }}" path=/mnt/root/.ssh/authorized_keys
with_file: "{{ root_ssh_keys }}"
authorized_key: user=root key="{{ pubkey_string }}" path=/mnt/root/.ssh/authorized_keys exclusive=yes
- name: configure sshd
template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
......
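Review bot: With `exclusive=yes` on the new `authorized_key` line, root's `authorized_keys` under `/mnt` is replaced by exactly the contents of `pubkey_string`, and nothing in the hunk checks that `root_ssh_keys` is non-empty or that every file under `../pubkeys/` yielded a key. If the list is empty or mistyped, the task presumably either fails late or leaves root without a usable key. A guard before the first `set_fact` would make that failure explicit, for example `- assert: { that: "root_ssh_keys | length > 0" }`. The same three tasks appear in the new file that follows (apparently the ssh_keys role's tasks), where they act on a running host's root account, so the guard belongs there too. The task list continues outside the hunk.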
---
- set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}"
register: pubkeys
with_items: "{{ root_ssh_keys }}"
- set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
- name: add authorized key for root
authorized_key: user=root key="{{ pubkey_string }}" exclusive=yes
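Review bot: The two `set_fact` tasks have no `name:`, and nothing explains why the keys are concatenated instead of looped over, which is the part a later editor is most likely to undo. A comment above the `authorized_key` task would cover it: `# exclusive is not loop-aware: all keys must be passed in one call, otherwise each iteration would drop the keys written by the previous one`. The same comment should state that `exclusive=yes` removes any root key not listed in `root_ssh_keys`. The files under `../pubkeys/` are therefore the sole definition of root access on hosts running this role, and changes to them deserve the same review as a sudoers change.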