From 1df38b51f7c708c8af8c34fcad5fc904e7498060 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez
Date: Tue, 31 Aug 2021 15:33:17 +0100
Subject: Update playbook to install keys
---
 admin/keys/benbrown.pub | 1 +
 admin/sshd_config.yaml | 25 +++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 admin/keys/benbrown.pub
diff --git a/admin/keys/benbrown.pub b/admin/keys/benbrown.pub
new file mode 100644
index 00000000..6c57daad
--- /dev/null
+++ b/admin/keys/benbrown.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLmU8L+CyK2PdLn8KW/Egw8C2QqSYmv7zXDC+amQA58 benbrown@deprave
diff --git a/admin/sshd_config.yaml b/admin/sshd_config.yaml
index aba6a9f1..2a410f5b 100644
--- a/admin/sshd_config.yaml
+++ b/admin/sshd_config.yaml
@@ -4,5 +4,26 @@
 tasks:
 - name: ensure SSH login with password is disabled
 lineinfile:
- dest=/etc/ssh/sshd_config
- line='PasswordAuthentication no'
+ dest: /etc/ssh/sshd_config
+ regexp: "^#?PasswordAuthentication"
+ line: PasswordAuthentication no
+ state: present
+ become: yes
+ notify:
+ - restart ssh
+
+ - name: Set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: "{{ ansible_ssh_user }}"
+ state: present
+ key: "{{ lookup('file', item) }}"
+ with_items:
+ - keys/benbrown.pub
+
+
+ handlers:
+ - name: restart ssh
+ service:
+ name: ssh
+ state: restarted
+ become: yes
--
cgit v1.2.1
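Review bot: The `regexp: "^#?PasswordAuthentication"` in the lineinfile task of admin/sshd_config.yaml can leave password logins enabled, because lineinfile rewrites only the last matching line while sshd keeps the first value it reads for a keyword; a file with an active `PasswordAuthentication yes` above a commented-out default would still accept passwords after the task reports success. Matching only active lines with `regexp: '^\s*PasswordAuthentication\s'` and adding `insertbefore: BOF` puts a missing directive at the top rather than after any `Match` block, and `validate: /usr/sbin/sshd -t -f %s` keeps a broken file from reaching the `restart ssh` handler. Separately, the `ansible.posix.authorized_key` task only ever adds keys: dropping a file from `with_items` leaves that key on the host, so revocation needs an explicit `state: absent` entry, or `exclusive: true` with every key joined into a single `key` value. The play header sits above the hunk, so how `ansible_ssh_user` is defined and whether `become` is set play-wide cannot be checked from here.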