feat!(luks_ssh): Remove all other ssh keys

To do so, we refactored the structure of the `luks_ssh_dracut_authorized_keys` variable to only contain ssh filenames.

roles/luks_ssh/defaults/main.yml

@@ -21,11 +21,7 @@
 # The install location for the dracut module
 luks_ssh_dracut_ssh_dir: /usr/lib/dracut/modules.d/46sshd/
 
-# The authorized keys
+# The authorized keys, array of paths to the ssh public key files that should be added
-# fields:
-# - owner - The owner of the key file
-#   comment - A comment for the authorized_keys file about the key
-#   ssh_key - A path to the ssh public key file that should be added
 luks_ssh_dracut_authorized_keys: []
 
 # Disables the import state service

roles/luks_ssh/tasks/main.yml

@@ -29,7 +29,7 @@
   ansible.builtin.file:
     path: "{{ luks_ssh_dracut_ssh_dir }}"
     state: directory
-    mode: "0755"
+    mode: "755"
     owner: "root"
     group: "root"
   become: true
@@ -38,11 +38,12 @@
   ansible.posix.authorized_key:
     user: "root"
     state: present
-    key: "{{ lookup('file', item.ssh_key) }}"
+    exclusive: true
-    comment: "{{ item.owner }} - {{ item.comment }} | Managed by Ansible"
+    key: |
+      {% for key in luks_ssh_dracut_authorized_keys %}
+      {{ lookup('file', key) }}
+      {% endfor %}
     path: "{{ luks_ssh_dracut_ssh_dir }}/authorized_keys"
-  with_items:
-    - "{{ luks_ssh_dracut_authorized_keys }}"
   become: true
   notify: Regenerate dracut