From a76410c522adf4716fc1f8ae50f497338a5d5c0e Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 9 May 2018 08:30:30 +0100
Subject: [PATCH] Do not run SSH-related tasks unless enable_ssh is set

---
 playbooks/init-credentials.yml      | 8 +-------
 roles/vagrant-compat/tasks/main.yml | 2 ++
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/playbooks/init-credentials.yml b/playbooks/init-credentials.yml
index 8c445b9f..6c8682a1 100644
--- a/playbooks/init-credentials.yml
+++ b/playbooks/init-credentials.yml
@@ -33,19 +33,13 @@
         dest: "{{ vars_dir }}/secrets.yml"
         state: link
 
-    # Generate the SSH CA.
     - name: Generate SSH CA
       local_action: sshca ca="{{ credentials_dir }}/ssh/key"
+      when: enable_ssh
 
-    # Generate the SSO ED25519 key pair.
     - name: Generate SSO credentials
       local_action: ed25519 privkey="{{ credentials_dir }}/sso/secret.key" pubkey="{{ credentials_dir }}/sso/public.key"
 
-    # Generate all the X509 service credentials. The first time this
-    # runs, the service CA will be initialized too.
-    #- name: Generate X509 credentials for all services
-    #  local_action: x509 ca_root="{{ credentials_dir }}/x509" ca_subject="{{ x509_ca_subject | default('') }}" domain="{{ domain }}"
-
     - name: Generate global DH params
       local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"
 
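Review bot: The `when: enable_ssh` added to the "Generate SSH CA" task tests a bare variable, so the result depends on how the value arrives. A string such as `false` passed as a key=value extra var can evaluate as true depending on the Ansible version, and an undefined `enable_ssh` fails the play instead of skipping the task. Whether a default is set elsewhere is not visible in this patch. I would write the condition as `when: enable_ssh | bool`; the same applies to the `when: enable_ssh` added in roles/vagrant-compat/tasks/main.yml, where a mis-typed value would decide whether a login key is installed.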
diff --git a/roles/vagrant-compat/tasks/main.yml b/roles/vagrant-compat/tasks/main.yml
index 2e427fd4..9097aadc 100644
--- a/roles/vagrant-compat/tasks/main.yml
+++ b/roles/vagrant-compat/tasks/main.yml
@@ -9,3 +9,5 @@
   copy:
     dest: /etc/ssh/authorized_keys/vagrant
     content: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
+  when: enable_ssh
+
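Review bot: The `when: enable_ssh` added after `content:` is the only guard visible here on installing Vagrant's publicly known key into /etc/ssh/authorized_keys/vagrant, and nothing in the hunk says the role is limited to test hosts. The copy task starts outside the hunk, so a restriction may exist elsewhere. If it does not, I would document it above the task, for example `# Vagrant's well-known insecure key: test environments only, never apply to production hosts.` The extra blank line added at the end of the file can be dropped.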
-- 
GitLab