From 38890b431a5d98d0b726e7c98adf3bc0ed816ef2 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Tue, 27 Apr 2021 23:40:04 +0200
Subject: [PATCH] install_arch: Use the root_ssh role for adding authorized_key

The root_ssh_keys variable was changed in:
ea9f114d ("root_ssh: Support giving root access to only some hosts")
so let's just use the root_ssh role instead of maintaining the logic in
two places.
---
 roles/install_arch/tasks/main.yml           | 15 ++++-----------
 roles/root_ssh/defaults/main.yml            |  2 ++
 roles/root_ssh/tasks/main.yml               |  5 ++++-
 roles/root_ssh/templates/authorized_keys.j2 |  2 +-
 4 files changed, 11 insertions(+), 13 deletions(-)
 create mode 100644 roles/root_ssh/defaults/main.yml

diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
index 162f4fb5d..0b384d130 100644
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -171,18 +171,11 @@
   register: chroot_systemd_services
   changed_when: "chroot_systemd_services.rc == 0"
 
-- name: assign pubkey list to fact
-  set_fact: pubkey_list="{{ lookup('file', playbook_dir + "/../../pubkeys/" + item) }}"
-  register: pubkeys
-  vars:
-    playbook_dir: "{{ playbook_dir }}"
-  with_items: "{{ root_ssh_keys }}"
-
-- name: assign pubkey string to fact
-  set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
-
 - name: add authorized key for root
-  authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
+  include_role:
+    name: root_ssh
+  vars:
+    root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh
 
 - name: configure sshd
   template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
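Review bot: The new include_role task replaces an `authorized_key ... exclusive=yes` call but nothing records why dropping `exclusive` is safe, and the semantics do shift slightly. The root_ssh role renders the whole file from authorized_keys.j2, so the key list stays exclusive, but that template also filters entries by `user.hosts` against `inventory_hostname`, so a freshly installed host now only receives the keys scoped to it rather than every key in `root_ssh_keys`. A comment on the task would make that intentional: `# root_ssh templates the complete authorized_keys (still exclusive) and applies per-host key filtering`. `root_ssh_keys` is no longer referenced in this file and presumably reaches the included role from inventory or group vars; worth confirming it is defined for the installer play.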
diff --git a/roles/root_ssh/defaults/main.yml b/roles/root_ssh/defaults/main.yml
new file mode 100644
index 000000000..35e935459
--- /dev/null
+++ b/roles/root_ssh/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+root_ssh_directory: /root/.ssh
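Review bot: The new default `root_ssh_directory` has no comment explaining why the target directory is a variable, which a reader of this role alone cannot tell. Its only override in this patch is install_arch pointing it into the installer chroot, so a one-line comment above the key, `# Overridden by install_arch to write into the installer chroot (e.g. /tmp/root.x86_64/mnt/root/.ssh)`, would document the contract.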
diff --git a/roles/root_ssh/tasks/main.yml b/roles/root_ssh/tasks/main.yml
index 411652e47..1e7f3ddb7 100644
--- a/roles/root_ssh/tasks/main.yml
+++ b/roles/root_ssh/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
 
+- name: create .ssh directory
+  file: path={{ root_ssh_directory }} state=directory owner=root group=root mode=0700
+
 - name: add authorized keys for root
-  template: src=authorized_keys.j2 dest=/root/.ssh/authorized_keys mode=0600 owner=root group=root
+  template: src=authorized_keys.j2 dest={{ root_ssh_directory }}/authorized_keys mode=0600 owner=root group=root
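Review bot: The added `file` task and the changed `template` line embed `{{ root_ssh_directory }}` inside free-form `key=value` argument strings; this works only because Ansible's argument splitter is Jinja-aware, and an override containing whitespace or YAML specials would be split or mis-parsed. Native block arguments with the expression quoted remove that dependency and let the octal modes be stated as strings, which is the form recommended for Ansible; the rest of this file uses `key=value`, so converting is a consistency call, but the two tasks touched here could be written as below. The 0700 directory and 0600 file modes are the right defaults for an authorized_keys target and should be kept.
```yaml
- name: create .ssh directory
  file:
    path: "{{ root_ssh_directory }}"
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: add authorized keys for root
  template:
    src: authorized_keys.j2
    dest: "{{ root_ssh_directory }}/authorized_keys"
    owner: root
    group: root
    mode: "0600"
```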
diff --git a/roles/root_ssh/templates/authorized_keys.j2 b/roles/root_ssh/templates/authorized_keys.j2
index ed6ef148f..d513564c8 100644
--- a/roles/root_ssh/templates/authorized_keys.j2
+++ b/roles/root_ssh/templates/authorized_keys.j2
@@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: True
 {% for user in root_ssh_keys | sort(attribute="key") -%}
 	{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
-		{{ lookup('file', '../pubkeys/' + user.key ) }}
+		{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
 	{% endif %}
 {% endfor %}
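Review bot: The new lookup path `role_path + '/../../pubkeys/' + user.key` is correct but non-obvious: `role_path` is the role's own directory, so two `..` components climb from `roles/root_ssh` to the repository root before descending into `pubkeys/`, and nothing in the template says so. A Jinja comment above the `{% for %}` line, `{# pubkeys/ lives at the repository root: role_path is roles/root_ssh, so ../../ resolves to the top level #}`, would spare the next maintainer from re-deriving it. Since the public key files are read from the repository rather than from the target host, it is also worth stating in that comment that the role therefore depends on the checkout layout, not on any files present on the managed node.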
-- 
GitLab