From 3b6a005663ac49a627828f3cefbe678fec1f4f9d Mon Sep 17 00:00:00 2001 From: Pilou Date: Mon, 28 Feb 2022 15:00:13 +0100 Subject: [PATCH] Add my SSH key to root account (#27) --- dl.yml | 28 ++++++++-------------------- group_vars/all/authorized_keys | 16 ++++++++++++++++ group_vars/all/vars | 14 ++++++++------ roles/common/tasks/main.yml | 4 ++-- 4 files changed, 34 insertions(+), 28 deletions(-) create mode 100644 group_vars/all/authorized_keys diff --git a/dl.yml b/dl.yml index 66e55d1..cd56135 100644 --- a/dl.yml +++ b/dl.yml @@ -3,16 +3,10 @@ - hosts: dl vars: uploaders: - - login: mdk - authorized_keys: | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vv8vwmbyhFEa0chj8LklnnY6DRLKj2OM0NgaMTd9SsrtBeLMqTt34pU+kKl6/9EIe9P8Z1/fWFyOiTsE7Khf3rkNsoILPmEV14i18Bvtp4nMtljqZaKVkAcRjPvo7flRWNxxL2Zbo+BEr3wVCl3Sc6YV8oQzCwVPKf34AB39b+PW4f3580Aqcd4Ci6zca0Ol95tLDv1slX1A7QcpoZAne8kj5h6bb4cC7FLBC9+xOSKmzoLOlP7LsyxaUUGRyi/FeMoma1VES65aIJ5U23GtZrzZI3tKz+vpQvOVaozNTDkNLiiJkjd3Ew1I10wArpZixjwSndP8CvGFyJc1XUXZ julien+yubikey5@palard.fr - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKA7DgTQ0G7+kdsX0lIUOAAOllwGSCu8s8TxPvr/61Y8q+pIO5mrZycI0xYcKP5NZaABqlFyXUUNfLj7RLqteBxqq2QZP4NOJ1MutYRIkzJ9YW0f565jHaOqSguz0MY+1sCHtuEPiUUZoNexkKN7SIx60SfoaMEvGjAj46txA7VFbJUuKcJtA1Yvmn0C0KoXUUQ/G+JqvjQ7QuKLQYdTZ8S9OEvNaqNfwNSwvy1/LCnuajFw0O+H5bz7AcS5Iuj+9k8wgHPK1a1rQEdteOcn2XBCvta/VOVlFLv6/9K3iU3EJ1pyaZ88UkuJef8aWnH/AJGaF2gLqUbBuL+UeXyD41 julien+yubikey4@palard.fr - - login: hs-157 - authorized_keys: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQxDNqPx1uYblrbeliQZ5scDPFuMElTRBJmjUFwUMUB hs-157@jirafenn-2021-04-06" - - login: pilou - authorized_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1FuL8/1P24e+kGtn4Ko1Yh0JL/bN0fnat8GSVGggJcxhuTSw6JLLSSkvFe2Kk8h0ymKNXrEwS925dS4p8QDlkj5NM54kSqty3cBAHbcMDsXqTu0qG8UKl5kpf13VKtlSbyVzMMBUyQ4Q9hlbr1CsB58tx5TcpL2q6sh8jvzh3Scux6h1N5RcwrStNnD5A4wJZzk+o7ETm3l5mFmB5ytT+k61eANVyPtnpt4U09R6eBABo/d/gkjNdZyfg7tEzAHESgYl8eV/SLmsKndyPQyp0vkCTdWH4CfTFNJ4FdAQ/InUNrLReySuwxmyIIVNle3gS3ClYcEPUvBVmzIjIufLDfSKnLHGBK0mv+QDiShEHRweQ2DlU4xqb3LH24das+f3hHXMxXi+tPvJ0jHm9y0xaVZvFKrU/NDaAHgUphGhjWGWOyjcYsNMIbfkFOXftMzGQFDY1DSfuz10T/wk0Z+MZXQrX9i2JYe65L+VveeyJIM7B/3bk35fqtP2bZ0hcyiD3MmbNg8U0WYhzXjK0yiPnb6yvajI8tMYMZNXKRokJIrkK6WSHprJKDpYlgFuE9mve2RdLH05X8XYKZVtR6pEyks8sGH4U9k7yAWw+AU7G4754vx/wbcGCucw1JrAzY8g9o1w84wFaH78IX6Nb5Tz5kGNxxTPRwMcLpUf0jA2B4w== pilou@smartcard - - login: entwanne - authorized_keys: [] + - mdk + - hs-157 + - pilou + - entwanne tasks: - name: Basic setup @@ -26,11 +20,9 @@ - name: Create uploaders accounts user: group: uploaders - name: "{{ item.login }}" + name: "{{ item }}" state: present loop: "{{ uploaders }}" - loop_control: - label: "{{ item.login }}" - name: mkdir uploaders .ssh file: @@ -38,21 +30,17 @@ state: directory mode: 0755 become: yes - become_user: "{{ item.login }}" + become_user: "{{ item }}" loop: "{{ uploaders }}" - loop_control: - label: "{{ item.login }}" - name: Set user authorized keys copy: - content: "{{ item.authorized_keys }}" + content: "{{ authorized_keys[item]|join('\n') }}" dest: "~/.ssh/authorized_keys" mode: 0644 become: yes - become_user: "{{ item.login }}" + become_user: "{{ item }}" loop: "{{ uploaders }}" - loop_control: - label: "{{ item.login }}" - name: Install dependencies apt: diff --git a/group_vars/all/authorized_keys b/group_vars/all/authorized_keys new file mode 100644 index 0000000..2a1b090 --- /dev/null +++ b/group_vars/all/authorized_keys @@ -0,0 +1,16 @@ +--- +authorized_keys: + asyd: + - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJP+t8d7oLqPhXG40+jWogT+cK1ciiS+XB/nV8IoLw9gxrC05oWIoUo6vuqp0W+ugm7nf+zlIqEMjPHDzRp52iQ= asyd@asuka + entwanne: [] + hs-157: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQxDNqPx1uYblrbeliQZ5scDPFuMElTRBJmjUFwUMUB hs-157@jirafenn-2021-04-06 + marc: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVLcQld0qXYkStjCjkOLvoAk80iFwOPWY1Nv2EzU6P8o2dxOaHBuO1YcaB7XmK6rP1bf4xjOQtlhDGCSZ7lIM3H8gEHTfsVw3odbaoq/B0NpP8j+PL4YMJMzY+SUXZTILYUiJ3uuR064z21mpNcNWwWY/2NM6k7h93AOfxNo6ZxO460sHOlAlHNqlsyUGhtIWndCTAQ1wpT2YMWo/y8HCwizYGZz4HQ04nVTK9DLftb7bBxaqTtiPnx+VzYsRg1Ma1OvBggehL6iiXu6xpyXarRx99n3SVO8ptx/rmaX3tyB2ZN2kcxAYHscgh2vRrVm6BWmSF1XXuf2Vu35Lo0K510Jd92gbkBVair7ZtR6hFcNhDHfA87mhdqvld3XwL9/D93ZSGo4FCSJb0xdq4HtpsMVE20yEiDyOe7KeShbur3YYzdZAAmvhTaUyjfm9qReIS/OoAIePZvTNiX3/sbVwdDMzXp+6C17aGFGZ2ONug63Rs0ePdVmYUgFnm26tYfznuQwZcRlCEJwlMI2nYaKQk0GG1NbzHrZZdnCIujav0Ncdpi2RZgb4nlWX66mO16HcYpheMGpClBDxya9FM6ga7WFc72Z0xHfB1HTemEN/qlA1hroNK/DuRJzT/oxp7rd2YhcunmXrucKX4/KlkA0FcNbNY/sVsF2dr4oGBr3pzvQ== marc@debureaux.fr + mdk: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKA7DgTQ0G7+kdsX0lIUOAAOllwGSCu8s8TxPvr/61Y8q+pIO5mrZycI0xYcKP5NZaABqlFyXUUNfLj7RLqteBxqq2QZP4NOJ1MutYRIkzJ9YW0f565jHaOqSguz0MY+1sCHtuEPiUUZoNexkKN7SIx60SfoaMEvGjAj46txA7VFbJUuKcJtA1Yvmn0C0KoXUUQ/G+JqvjQ7QuKLQYdTZ8S9OEvNaqNfwNSwvy1/LCnuajFw0O+H5bz7AcS5Iuj+9k8wgHPK1a1rQEdteOcn2XBCvta/VOVlFLv6/9K3iU3EJ1pyaZ88UkuJef8aWnH/AJGaF2gLqUbBuL+UeXyD41 julien+yubikey4@palard.fr + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vv8vwmbyhFEa0chj8LklnnY6DRLKj2OM0NgaMTd9SsrtBeLMqTt34pU+kKl6/9EIe9P8Z1/fWFyOiTsE7Khf3rkNsoILPmEV14i18Bvtp4nMtljqZaKVkAcRjPvo7flRWNxxL2Zbo+BEr3wVCl3Sc6YV8oQzCwVPKf34AB39b+PW4f3580Aqcd4Ci6zca0Ol95tLDv1slX1A7QcpoZAne8kj5h6bb4cC7FLBC9+xOSKmzoLOlP7LsyxaUUGRyi/FeMoma1VES65aIJ5U23GtZrzZI3tKz+vpQvOVaozNTDkNLiiJkjd3Ew1I10wArpZixjwSndP8CvGFyJc1XUXZ julien+yubikey5@palard.fr + pilou: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1FuL8/1P24e+kGtn4Ko1Yh0JL/bN0fnat8GSVGggJcxhuTSw6JLLSSkvFe2Kk8h0ymKNXrEwS925dS4p8QDlkj5NM54kSqty3cBAHbcMDsXqTu0qG8UKl5kpf13VKtlSbyVzMMBUyQ4Q9hlbr1CsB58tx5TcpL2q6sh8jvzh3Scux6h1N5RcwrStNnD5A4wJZzk+o7ETm3l5mFmB5ytT+k61eANVyPtnpt4U09R6eBABo/d/gkjNdZyfg7tEzAHESgYl8eV/SLmsKndyPQyp0vkCTdWH4CfTFNJ4FdAQ/InUNrLReySuwxmyIIVNle3gS3ClYcEPUvBVmzIjIufLDfSKnLHGBK0mv+QDiShEHRweQ2DlU4xqb3LH24das+f3hHXMxXi+tPvJ0jHm9y0xaVZvFKrU/NDaAHgUphGhjWGWOyjcYsNMIbfkFOXftMzGQFDY1DSfuz10T/wk0Z+MZXQrX9i2JYe65L+VveeyJIM7B/3bk35fqtP2bZ0hcyiD3MmbNg8U0WYhzXjK0yiPnb6yvajI8tMYMZNXKRokJIrkK6WSHprJKDpYlgFuE9mve2RdLH05X8XYKZVtR6pEyks8sGH4U9k7yAWw+AU7G4754vx/wbcGCucw1JrAzY8g9o1w84wFaH78IX6Nb5Tz5kGNxxTPRwMcLpUf0jA2B4w== pilou@smartcard + rsnapshot: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4lVaR7LTovURubmV+f280kzJafI4liqEMQ31iLVig+63JSxQU6s16QExkriTJqyA8oprTvJKQnGpQhYUVG6KHw+JL0S9v7X/ut+14iEqC45sPkY1eYfcM4dJwozQsHyk33AwNMNWFQymP6eQQ6TsR3w1NhZp6EIoXiGVvu1CdjCHc5T5K13QJGjdKTJ03DcJ+7jUkwl2Tx7khpm1o0Ogl+HoPh8PLJQBaVTo6R9bRAro+L6YJVK0zRFVXA/gGVyaEEpbrUOQNfeMW8vCmn1ZendsgWGBQrywcXpm12PtkhG2WHkdp+yJNvjMr5wPtTn3EQkxXTYRCPjb9dTyifCMP rsnapshot backups by Julien Palard diff --git a/group_vars/all/vars b/group_vars/all/vars index 7f65fb9..5a44b77 100644 --- a/group_vars/all/vars +++ b/group_vars/all/vars @@ -6,9 +6,11 @@ letsencrypt_email: julien@python.org admin_email: julien@python.org ansible_python_interpreter: "/usr/bin/python3" ansible_user: root -authorized_keys: | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKA7DgTQ0G7+kdsX0lIUOAAOllwGSCu8s8TxPvr/61Y8q+pIO5mrZycI0xYcKP5NZaABqlFyXUUNfLj7RLqteBxqq2QZP4NOJ1MutYRIkzJ9YW0f565jHaOqSguz0MY+1sCHtuEPiUUZoNexkKN7SIx60SfoaMEvGjAj46txA7VFbJUuKcJtA1Yvmn0C0KoXUUQ/G+JqvjQ7QuKLQYdTZ8S9OEvNaqNfwNSwvy1/LCnuajFw0O+H5bz7AcS5Iuj+9k8wgHPK1a1rQEdteOcn2XBCvta/VOVlFLv6/9K3iU3EJ1pyaZ88UkuJef8aWnH/AJGaF2gLqUbBuL+UeXyD41 julien+yubikey4@palard.fr - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vv8vwmbyhFEa0chj8LklnnY6DRLKj2OM0NgaMTd9SsrtBeLMqTt34pU+kKl6/9EIe9P8Z1/fWFyOiTsE7Khf3rkNsoILPmEV14i18Bvtp4nMtljqZaKVkAcRjPvo7flRWNxxL2Zbo+BEr3wVCl3Sc6YV8oQzCwVPKf34AB39b+PW4f3580Aqcd4Ci6zca0Ol95tLDv1slX1A7QcpoZAne8kj5h6bb4cC7FLBC9+xOSKmzoLOlP7LsyxaUUGRyi/FeMoma1VES65aIJ5U23GtZrzZI3tKz+vpQvOVaozNTDkNLiiJkjd3Ew1I10wArpZixjwSndP8CvGFyJc1XUXZ julien+yubikey5@palard.fr - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVLcQld0qXYkStjCjkOLvoAk80iFwOPWY1Nv2EzU6P8o2dxOaHBuO1YcaB7XmK6rP1bf4xjOQtlhDGCSZ7lIM3H8gEHTfsVw3odbaoq/B0NpP8j+PL4YMJMzY+SUXZTILYUiJ3uuR064z21mpNcNWwWY/2NM6k7h93AOfxNo6ZxO460sHOlAlHNqlsyUGhtIWndCTAQ1wpT2YMWo/y8HCwizYGZz4HQ04nVTK9DLftb7bBxaqTtiPnx+VzYsRg1Ma1OvBggehL6iiXu6xpyXarRx99n3SVO8ptx/rmaX3tyB2ZN2kcxAYHscgh2vRrVm6BWmSF1XXuf2Vu35Lo0K510Jd92gbkBVair7ZtR6hFcNhDHfA87mhdqvld3XwL9/D93ZSGo4FCSJb0xdq4HtpsMVE20yEiDyOe7KeShbur3YYzdZAAmvhTaUyjfm9qReIS/OoAIePZvTNiX3/sbVwdDMzXp+6C17aGFGZ2ONug63Rs0ePdVmYUgFnm26tYfznuQwZcRlCEJwlMI2nYaKQk0GG1NbzHrZZdnCIujav0Ncdpi2RZgb4nlWX66mO16HcYpheMGpClBDxya9FM6ga7WFc72Z0xHfB1HTemEN/qlA1hroNK/DuRJzT/oxp7rd2YhcunmXrucKX4/KlkA0FcNbNY/sVsF2dr4oGBr3pzvQ== marc@debureaux.fr - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJP+t8d7oLqPhXG40+jWogT+cK1ciiS+XB/nV8IoLw9gxrC05oWIoUo6vuqp0W+ugm7nf+zlIqEMjPHDzRp52iQ= asyd@asuka - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4lVaR7LTovURubmV+f280kzJafI4liqEMQ31iLVig+63JSxQU6s16QExkriTJqyA8oprTvJKQnGpQhYUVG6KHw+JL0S9v7X/ut+14iEqC45sPkY1eYfcM4dJwozQsHyk33AwNMNWFQymP6eQQ6TsR3w1NhZp6EIoXiGVvu1CdjCHc5T5K13QJGjdKTJ03DcJ+7jUkwl2Tx7khpm1o0Ogl+HoPh8PLJQBaVTo6R9bRAro+L6YJVK0zRFVXA/gGVyaEEpbrUOQNfeMW8vCmn1ZendsgWGBQrywcXpm12PtkhG2WHkdp+yJNvjMr5wPtTn3EQkxXTYRCPjb9dTyifCMP rsnapshot backups by Julien Palard +admins: + - asyd + - marc + - mdk + - pilou + - rsnapshot + +root_authorized_keys: "{{ admins | map('extract', authorized_keys)|flatten|join('\n') }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index e123b5b..2f81ee0 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -75,9 +75,9 @@ - tcpdump - vim-nox - - name: Set some authorized keys + - name: Set authorized SSH keys for root user copy: - content: "{{ authorized_keys }}" + content: "{{ root_authorized_keys }}" dest: /root/.ssh/authorized_keys mode: 0600 owner: root