From 92a9fd03e00da340ca6f6a417403d081fcf918b1 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 3 Feb 2021 11:45:13 +0000
Subject: [PATCH] Manage root SSH keys
---
group_vars/all/admins.yml | 35 +++++++++++++++++++++++++++++++++++
roles/base/tasks/main.yml | 8 ++++++++
update-ssh.yml | 6 ------
3 files changed, 43 insertions(+), 6 deletions(-)
create mode 100644 group_vars/all/admins.yml
delete mode 100644 update-ssh.yml
diff --git a/group_vars/all/admins.yml b/group_vars/all/admins.yml
new file mode 100644
index 0000000..5576e91
--- /dev/null
+++ b/group_vars/all/admins.yml
@@ -0,0 +1,35 @@
+$ANSIBLE_VAULT;1.1;AES256
+30303863333236626336613461363965303538333966346536356165303466613762333836323739
+6563356561653737306134393761393733346132326438630a646365343564383638646232623033
+39633363366439656262666531636664653933653739633930653136303262346332343337663739
+3761303264646436660a653638653138353130623830623866646538303663636332383239636539
+63353435363766376165326439363762656563373237383132656333633461626462363835616566
+34343338373437666461353365343638346539336364366162666361323964343834336130643037
+38376636373066376666303537613232303031366536343766303665383662376531633839643035
+37613566373130323362626235376161613661646431366263333462363636306665626564373466
+66646130666537323136343565633939663731616631653638353430313332393238646563643238
+39616139623734303365373863636338666365306631646461343736383230633032356337663633
+32383262656461643431663762393434653539363736313538663062363533306131396634333365
+37343237356266616661343165363962623335613062386236663932663333386131643666383961
+36353565353735303137353030313838333866363135353735313837306636356661343564316364
+33353866343162393537663039393438313264623036626236646631623030313331613764353032
+37363636303132376532633734393437393966303931313431663966383530616137326235306166
+64646432386661333065633964633138613832333833303162616363623165366561393532303233
+63393465646562663931613961623066386638353734663938346234353231323266643961643666
+62666261393661363738653965303463373564373533316665333865636162396132396164373536
+61303434623833306631626636373731653031643935323134383131366261396138366234376261
+39333031626332346665313865613964393933623038336339366331326265666465656430303139
+61346662616432386137666166373965623239626439636565633635343730643830613761633633
+37333061363165656264346136333630633733633166613937323733393337393763653364616664
+31323366633766393231363933346561356538363436366434623763343036653336383362393862
+37633734333462653132383736343333663063396532653834326263373935653136643862363966
+34636664376137393235333734353233316338623233313533666263613736643035383664366532
+37306434323135303434323365343937383462313133623562326335396437383266616137663838
+39333362656333663837616561303931366362313832663462353633333263393565663635373630
+62633335316538383235383564623336336233616335623930353739353035626366616132303332
+66306339616231323633336231653461373864373237353834363866386335613034333961613832
+66643963656265663833356365316139663935393639316261346332363965363662373561346537
+31653761356139393833323032643563396237393333366666383032366136656131363030613937
+38636130663266313239303462306539643762656165313935336562353664323065313036313261
+61343431356238363639623964616239333836333161303234666363393561626530303663333639
+3837386563316637613639366338323263343837633863626435
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 972b0af..cf35bd0 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -69,6 +69,14 @@
- loggo
- ipset
+- name: Configure SSH authorized keys
+ authorized_key:
+ user: root
+ state: present
+ exclusive: true
+ key: "{{ admin_ssh_keys | join('\n') }}"
+ when: admin_ssh_keys is defined
+
- name: Configure distributed journald query client
template:
src: loggo.sh.j2
diff --git a/update-ssh.yml b/update-ssh.yml
deleted file mode 100644
index 33285f3..0000000
--- a/update-ssh.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-- hosts: all
- tasks:
- - command: scw-fetch-ssh-keys --upgrade
-
--
GitLab