From 397156a1734228d8b7628e57ee4324b843e714dd Mon Sep 17 00:00:00 2001
From: Saibotk
Date: Wed, 14 Aug 2024 00:51:48 +0200
Subject: [PATCH] feat!(luks_ssh): Remove all other ssh keys
To do so, we refactored the structure of the `luks_ssh_dracut_authorized_keys` variable to only contain ssh filenames.
---
 roles/luks_ssh/defaults/main.yml | 6 +-----
 roles/luks_ssh/tasks/main.yml | 11 ++++++-----
 2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/roles/luks_ssh/defaults/main.yml b/roles/luks_ssh/defaults/main.yml
index 189d394..b00689f 100644
--- a/roles/luks_ssh/defaults/main.yml
+++ b/roles/luks_ssh/defaults/main.yml
@@ -21,11 +21,7 @@
 # The install location for the dracut module
 luks_ssh_dracut_ssh_dir: /usr/lib/dracut/modules.d/46sshd/
-# The authorized keys
-# fields:
-# - owner - The owner of the key file
-# comment - A comment for the authorized_keys file about the key
-# ssh_key - A path to the ssh public key file that should be added
+# The authorized keys, array of paths to the ssh public key files that should be added
 luks_ssh_dracut_authorized_keys: []
 # Disables the import state service
diff --git a/roles/luks_ssh/tasks/main.yml b/roles/luks_ssh/tasks/main.yml
index e028314..b130e39 100644
--- a/roles/luks_ssh/tasks/main.yml
+++ b/roles/luks_ssh/tasks/main.yml
@@ -29,7 +29,7 @@
 ansible.builtin.file:
 path: "{{ luks_ssh_dracut_ssh_dir }}"
 state: directory
- mode: "0755"
+ mode: "755"
 owner: "root"
 group: "root"
 become: true
@@ -38,11 +38,12 @@
 ansible.posix.authorized_key:
 user: "root"
 state: present
- key: "{{ lookup('file', item.ssh_key) }}"
- comment: "{{ item.owner }} - {{ item.comment }} | Managed by Ansible"
+ exclusive: true
+ key: |
+ {% for key in luks_ssh_dracut_authorized_keys %}
+ {{ lookup('file', key) }}
+ {% endfor %}
 path: "{{ luks_ssh_dracut_ssh_dir }}/authorized_keys"
- with_items:
- - "{{ luks_ssh_dracut_authorized_keys }}"
 become: true
 notify: Regenerate dracut
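Review bot: The new comment on `luks_ssh_dracut_authorized_keys` in roles/luks_ssh/defaults/main.yml describes the value format but not the new semantics. The task in tasks/main.yml now sets `exclusive: true`, so any key in the dracut `authorized_keys` file that is not listed here is removed. Since this is marked as a breaking change (`feat!`), I would say so next to the variable, e.g. `# Exclusive: keys not listed here are removed from the dracut authorized_keys file.` It also helps to note that the paths are read with `lookup('file', ...)`, which resolves them on the Ansible controller, not on the target host.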
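Review bot: In the first hunk of roles/luks_ssh/tasks/main.yml, the change from `mode: "0755"` to `mode: "755"` is unrelated to the commit's stated purpose, and I would keep `mode: "0755"`. Both are quoted strings and should resolve to the same permissions, but the four-digit form is the usual convention and makes the absence of setuid/setgid/sticky bits explicit. Separately, the `ansible.posix.authorized_key` task in the next hunk uses a custom `path` without `manage_dir: false`. That module manages the parent directory's owner and permissions by default, so it is worth confirming that the mode set here is the one that persists. The task's `- name:` line is above this hunk.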
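Review bot: With the role default `luks_ssh_dracut_authorized_keys: []`, the `key: |` template in the second hunk of roles/luks_ssh/tasks/main.yml renders to an empty string while `exclusive: true` is set. The result is either a module error or (worth testing) an `authorized_keys` file with no keys, which would leave the host with no way to unlock LUKS over SSH at boot. I would fail early with an `ansible.builtin.assert` task placed before this one, using `that: luks_ssh_dracut_authorized_keys | length > 0`, rather than skipping the task, since skipping would leave stale keys in place. Callers still passing the old `owner`/`comment`/`ssh_key` dictionaries will reach `lookup('file', key)` with a mapping, so a type check in the same assert would give them a clearer error. The task's `- name:` line is outside the hunk.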