feat!(luks_ssh): Remove all other ssh keys

To do so, we refactored the structure of the `luks_ssh_dracut_authorized_keys` variable to only contain ssh filenames.
2024-08-14 00:51:48 +02:00 · 2024-08-14 00:51:48 +02:00 · 397156a173
commit 397156a173
parent ecefb84a4b
2 changed files with 7 additions and 10 deletions
--- a/roles/luks_ssh/defaults/main.yml
+++ b/roles/luks_ssh/defaults/main.yml
@ -21,11 +21,7 @@
 # The install location for the dracut module
 luks_ssh_dracut_ssh_dir: /usr/lib/dracut/modules.d/46sshd/

-# The authorized keys
-# fields:
-# - owner - The owner of the key file
-#   comment - A comment for the authorized_keys file about the key
-#   ssh_key - A path to the ssh public key file that should be added
+# The authorized keys, array of paths to the ssh public key files that should be added
 luks_ssh_dracut_authorized_keys: []

 # Disables the import state service
--- a/roles/luks_ssh/tasks/main.yml
+++ b/roles/luks_ssh/tasks/main.yml
@ -29,7 +29,7 @@
  ansible.builtin.file:
    path: "{{ luks_ssh_dracut_ssh_dir }}"
    state: directory
-    mode: "0755"
+    mode: "755"
    owner: "root"
    group: "root"
  become: true
@ -38,11 +38,12 @@
  ansible.posix.authorized_key:
    user: "root"
    state: present
-    key: "{{ lookup('file', item.ssh_key) }}"
-    comment: "{{ item.owner }} - {{ item.comment }} | Managed by Ansible"
+    exclusive: true
+    key: |
+      {% for key in luks_ssh_dracut_authorized_keys %}
+      {{ lookup('file', key) }}
+      {% endfor %}
    path: "{{ luks_ssh_dracut_ssh_dir }}/authorized_keys"
-  with_items:
-    - "{{ luks_ssh_dracut_authorized_keys }}"
  become: true
  notify: Regenerate dracut