authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-31 15:33:17 +0100
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-08-31 15:33:17 +0100
commit1df38b51f7c708c8af8c34fcad5fc904e7498060 (patch)
treebb256468eb95366579068786ee32ca2b59897bf4
parentcc207c919097b9b1174a44180ab747c78e65fd1f (diff)
downloadinfrastructure-1df38b51f7c708c8af8c34fcad5fc904e7498060.tar.gz
Update playbook to install keys
-rw-r--r--admin/keys/benbrown.pub1
-rw-r--r--admin/sshd_config.yaml25
2 files changed, 24 insertions, 2 deletions
diff --git a/admin/keys/benbrown.pub b/admin/keys/benbrown.pub
new file mode 100644
index 00000000..6c57daad
--- /dev/null
+++ b/admin/keys/benbrown.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLmU8L+CyK2PdLn8KW/Egw8C2QqSYmv7zXDC+amQA58 benbrown@deprave
diff --git a/admin/sshd_config.yaml b/admin/sshd_config.yaml
index aba6a9f1..2a410f5b 100644
--- a/admin/sshd_config.yaml
+++ b/admin/sshd_config.yaml
@@ -4,5 +4,26 @@
tasks:
- name: ensure SSH login with password is disabled
lineinfile:
- dest=/etc/ssh/sshd_config
- line='PasswordAuthentication no'
+ dest: /etc/ssh/sshd_config
+ regexp: "^#?PasswordAuthentication"
+ line: PasswordAuthentication no
+ state: present
+ become: yes
+ notify:
+ - restart ssh
+
+ - name: Set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: "{{ ansible_ssh_user }}"
+ state: present
+ key: "{{ lookup('file', item) }}"
+ with_items:
+ - keys/benbrown.pub
+
+
+ handlers:
+ - name: restart ssh
+ service:
+ name: ssh
+ state: restarted
+ become: yes
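Review bot: The `lineinfile` task rewrites only the last line matching `^#?PasswordAuthentication`, whereas sshd keeps the first value it reads for a keyword. An earlier uncommented `PasswordAuthentication yes`, or one pulled in through an `Include` drop-in if the target's config has one, would leave password login enabled while the task still reports success. Consider a follow-up task that checks the effective setting with `sshd -T`, and add `validate: /usr/sbin/sshd -t -f %s` to the task so a malformed file is never put in place before the `restart ssh` handler fires. Separately, the `authorized_key` task only ever adds keys: removing a file from `with_items` will not revoke access, so removals need an explicit `state: absent` entry (`exclusive` is applied per loop iteration, so it would only work with all keys passed in a single `key` value). The play header sits above the hunk, so whether `become` is already set at play level cannot be seen from here.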