ansible: rotate ssh key

2024-11-23 12:22:04 -08:00 · 2024-11-23 12:22:04 -08:00 · ce1e33d678
commit ce1e33d678
parent 89fcffdf59
1 changed files with 27 additions and 0 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -10,3 +10,30 @@
  apt:
    name: [ufw]
    state: absent
+
+- name: check which users exist
+  ansible.builtin.user:
+    name: "{{ item }}"
+  loop: ["root", "finn", "debian"]
+  check_mode: true
+  register: users
+
+- name: Ensure SSH key is set
+  ansible.posix.authorized_key:
+    user: "{{ item.item }}"
+    state: present
+    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJs5PJ6jQF7Sx3T1b1+NBXt4JRsnjGnWv8+bCf4RpwGM finn@taint
+  loop: "{{ users.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+  when: item.state | d('') == 'present'
+
+- name: Invalidate old SSH key
+  ansible.posix.authorized_key:
+    user: "{{ item.item }}"
+    state: absent
+    key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMaJrZWSrAYTaCoGhW+o8HivmBj5oZi7Dei73FtCl0d finn@taint
+  loop: "{{ users.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+  when: item.state | d('') == 'present'