From f10f8d027ccbc35daac8d4a7dc8091b15bdcfc33 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 22 Apr 2018 12:46:07 +0200 Subject: [PATCH] ansible: use variables for ssh keys --- ansible/group_vars/all/main.yml | 18 ++++++++++++++---- ansible/roles/base/tasks/main.yml | 2 +- ansible/ssh/noc/equinox@realraum.pub | 1 - ansible/ssh/noc/gebi.pub | 1 - ansible/ssh/noc/nicoo@harbard.pub | 1 - ansible/ssh/noc/xro@realraum.pub | 1 - 6 files changed, 15 insertions(+), 9 deletions(-) delete mode 100644 ansible/ssh/noc/equinox@realraum.pub delete mode 100644 ansible/ssh/noc/gebi.pub delete mode 100644 ansible/ssh/noc/nicoo@harbard.pub delete mode 100644 ansible/ssh/noc/xro@realraum.pub diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml index 90463fc..0c8abc3 100644 --- a/ansible/group_vars/all/main.yml +++ b/ansible/group_vars/all/main.yml @@ -9,20 +9,30 @@ user_groups: users: equinox: email: equinox@realraum.at - gpg: 0xD74907C9E64E6CED8FE3 + gpg: 0xD74907C9E64E6CED8FE3 + ssh: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at gebi: email: michael@mgeb.org - gpg: 0x6E302CF4D98B9702 + gpg: 0x6E302CF4D98B9702 + ssh: + - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAvjmZbqEQ9EpTcyTFoxqCJileq4dF//ye0JiPBP0kPvtoW33V3TUNon5btd28DzLnFeiU/3NEjTqkaHFRM+t8EoIj4kc/6lozjIlsZN7xoz6CnNrbbHPsgi3FvelyBcsi0sbunFEV2Qw1q1tTC93UcaPqL3hx01Cxfw0Dycs/6lyljvR4eW5O5nFnvtDAoDQYwq5i4U/VZs0Gz1XAOuAb4JQ0KzLeBhfdzvmhANSWIvybmb1V6UPtdK9pCxdo9FL5NwB8nkGloIa3kC4JAINC/Pvk0czZ80rXfIckBgZKxQVUCDVUKZUZ4GZYPI6azglQmZuslziAmiTmhiUkhSZ/m2m9EN1TnMEYEmcoscvrd97l0v2BzBZPkzqL7cSAoehpQsrIe/ceBNjZP1eotS3/fFY70GabW0o2+QFx1ZXGUqRVIwOZ2ZWRp4SoqMl+UtRZx6EMGO20H17etB1b5gF6xO1e8723FFXiS3oY9oUfS+lMX5BDgGUc5wJQ696jPK/pRYrasf6piKuyFpoF+nh/rOvIGSbwHSOOApxKZoj5R+fwfVyoD2uoxd0g5meKEfqB6RDGz+W4cLgS9Th6uEAXo+LLcinjMAJNr50rJFuXYRF1zpa7p4LG/97doq2hk8LXZuTqjB3WCnTUrLy59sHrmwdkRSs6bj7mLEdRRrI1TxU= secure key of gebi nicoo: email: nicolas@braud-santoni.eu - gpg: 0x3F41B0739AAD91B7CDC0 + gpg: 0x3F41B0739AAD91B7CDC0 + ssh: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDirhW/XNWCDMBy9TAEZgrahGSMlYdddyc9bNAOBbLJ8TVDe0M7YAZ4kU5EYGZBmd4NGZ4Z2Vb+sc0xlJE1MYprL0hFoOSMmU17pa6uzXwAfWtiYAsm/Z8QssOVvyte629gCPUgw1oJM19N7/i8yZh+5j+iEpffbv66USpatLJqJgeM67VjcHPLHf75dEBwkqsWMvpIk3+8gtwXDR8t8YUuxJgHOLFUEWQ6wiXxBoIJTAvdzAzykIs/yJbsMpKjDNLfF0guaRDC5GnjwHqTkGegxBS3l/MzkOpXtWbbbhYX8yIvFkryBFbyB0oa/rnE2HnYbaq2riyZpcsKRXqIvvFFa80FqGE+8sQnMlHn2IaOlkmkBMBytL+6rP3feFWq+vGZLRMs7ezMs+o0ofe0svMhLjy79AJnRBfaFn350AnmqNGZ8HbS0A1vOpPJsJVMhcqx+0cPHfxIedNGs7BJZypmBiw6vZ0rzxm1YX7CZcpiIe2Ob9o/+ypwWVXlT1zcLMC6u5/2YXDCXea0QtiOnM9h4ahkRaBb8CUTMtDurOf9uPtwE8wzmq34baAOQMfY3Tb9uGvAlCcLbke5RDCLfvBx3C2g2KkaboFL/7V9YQ1DCpj+zpOEdr/Jr1wKoWBzgCfZcfXn954J2z2BjbHZRTpCW6EmaYXj4J2bRIX7FalKkw== nicoo@harbard bernhard: email: xro@realraum.at - gpg: 0xE3468B9CE81EB4F91486 + gpg: 0xE3468B9CE81EB4F91486 + ssh: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYjli6dqjyOVemjvBBckdxFBMfxhInzEpd/4ROcb950UI38thuJ0C0m9JAK77xOtGAkHG8lA0rtlymFeWuXhWO+OYHzLB9kspesrbejkc24D5F88FHR725xjdVazHnMgYt8WlY9LkSgZGuaR/6D2bkJl339eSCjn5yTc5HGnwlB+e2xRdvFqfHiQjkkQToO70xv+xYMmThYk8MPhwvlzqPNyMd28FVXG3n6QE+QTqpFHhmEabIBjCdvNr3ESXnCd1z7nwvQZYayvbkigH/gea8uN6A19wUYZHYzwk0is6XTa0fQCYklQIq6F4KWQ3iZUQTgOPJWVqdqLnddkkBNuefav559SoAT1fd8D9PNijCFv6eXy6h2gvYPKeHRzTSbtYneUAZeYYbkMvHeQB8TFq2b/z7kQIgkt+mDlw60JVxRVP2Ts2s98flfM2yKPfKmUEjbISuLNQzBvyxEuD7g3aTtRZZzA9CV4yxwpOW5bgVSSBanGC8S/y7xbToZ3ZX1dmfkV5/yG9eI2F4bb9Kxoec/p6CMtGgJgS6m+JX+sY8/bQrjrq58XTxQEGcaLES64AFoHz/o5c17Klz0QFSNe0QaDu5rqvln0b67j4lLg4XRDDYaoalflotv1haRRUYNemCOTso/XWbUhQhN0puV3k7rNAN9ZJEkAiKzH4qd8AS6w== xro@r3.at noc_groups: - adm - sudo + +noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}" diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml index f209fe4..17e95ab 100644 --- a/ansible/roles/base/tasks/main.yml +++ b/ansible/roles/base/tasks/main.yml @@ -47,7 +47,7 @@ - name: Set authorized keys for root user authorized_key: user: root - key: "{{ lookup('pipe','cat ssh/noc/*.pub') }}" + key: "{{ noc_ssh_keys | join('\n') }}" exclusive: yes - name: disable apt suggests and recommends diff --git a/ansible/ssh/noc/equinox@realraum.pub b/ansible/ssh/noc/equinox@realraum.pub deleted file mode 100644 index bc68a15..0000000 --- a/ansible/ssh/noc/equinox@realraum.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at diff --git a/ansible/ssh/noc/gebi.pub b/ansible/ssh/noc/gebi.pub deleted file mode 100644 index 56c8f5b..0000000 --- a/ansible/ssh/noc/gebi.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAvjmZbqEQ9EpTcyTFoxqCJileq4dF//ye0JiPBP0kPvtoW33V3TUNon5btd28DzLnFeiU/3NEjTqkaHFRM+t8EoIj4kc/6lozjIlsZN7xoz6CnNrbbHPsgi3FvelyBcsi0sbunFEV2Qw1q1tTC93UcaPqL3hx01Cxfw0Dycs/6lyljvR4eW5O5nFnvtDAoDQYwq5i4U/VZs0Gz1XAOuAb4JQ0KzLeBhfdzvmhANSWIvybmb1V6UPtdK9pCxdo9FL5NwB8nkGloIa3kC4JAINC/Pvk0czZ80rXfIckBgZKxQVUCDVUKZUZ4GZYPI6azglQmZuslziAmiTmhiUkhSZ/m2m9EN1TnMEYEmcoscvrd97l0v2BzBZPkzqL7cSAoehpQsrIe/ceBNjZP1eotS3/fFY70GabW0o2+QFx1ZXGUqRVIwOZ2ZWRp4SoqMl+UtRZx6EMGO20H17etB1b5gF6xO1e8723FFXiS3oY9oUfS+lMX5BDgGUc5wJQ696jPK/pRYrasf6piKuyFpoF+nh/rOvIGSbwHSOOApxKZoj5R+fwfVyoD2uoxd0g5meKEfqB6RDGz+W4cLgS9Th6uEAXo+LLcinjMAJNr50rJFuXYRF1zpa7p4LG/97doq2hk8LXZuTqjB3WCnTUrLy59sHrmwdkRSs6bj7mLEdRRrI1TxU= secure key of gebi diff --git a/ansible/ssh/noc/nicoo@harbard.pub b/ansible/ssh/noc/nicoo@harbard.pub deleted file mode 100644 index ec60523..0000000 --- a/ansible/ssh/noc/nicoo@harbard.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDirhW/XNWCDMBy9TAEZgrahGSMlYdddyc9bNAOBbLJ8TVDe0M7YAZ4kU5EYGZBmd4NGZ4Z2Vb+sc0xlJE1MYprL0hFoOSMmU17pa6uzXwAfWtiYAsm/Z8QssOVvyte629gCPUgw1oJM19N7/i8yZh+5j+iEpffbv66USpatLJqJgeM67VjcHPLHf75dEBwkqsWMvpIk3+8gtwXDR8t8YUuxJgHOLFUEWQ6wiXxBoIJTAvdzAzykIs/yJbsMpKjDNLfF0guaRDC5GnjwHqTkGegxBS3l/MzkOpXtWbbbhYX8yIvFkryBFbyB0oa/rnE2HnYbaq2riyZpcsKRXqIvvFFa80FqGE+8sQnMlHn2IaOlkmkBMBytL+6rP3feFWq+vGZLRMs7ezMs+o0ofe0svMhLjy79AJnRBfaFn350AnmqNGZ8HbS0A1vOpPJsJVMhcqx+0cPHfxIedNGs7BJZypmBiw6vZ0rzxm1YX7CZcpiIe2Ob9o/+ypwWVXlT1zcLMC6u5/2YXDCXea0QtiOnM9h4ahkRaBb8CUTMtDurOf9uPtwE8wzmq34baAOQMfY3Tb9uGvAlCcLbke5RDCLfvBx3C2g2KkaboFL/7V9YQ1DCpj+zpOEdr/Jr1wKoWBzgCfZcfXn954J2z2BjbHZRTpCW6EmaYXj4J2bRIX7FalKkw== nicoo@harbard diff --git a/ansible/ssh/noc/xro@realraum.pub b/ansible/ssh/noc/xro@realraum.pub deleted file mode 100644 index 3cb67d6..0000000 --- a/ansible/ssh/noc/xro@realraum.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYjli6dqjyOVemjvBBckdxFBMfxhInzEpd/4ROcb950UI38thuJ0C0m9JAK77xOtGAkHG8lA0rtlymFeWuXhWO+OYHzLB9kspesrbejkc24D5F88FHR725xjdVazHnMgYt8WlY9LkSgZGuaR/6D2bkJl339eSCjn5yTc5HGnwlB+e2xRdvFqfHiQjkkQToO70xv+xYMmThYk8MPhwvlzqPNyMd28FVXG3n6QE+QTqpFHhmEabIBjCdvNr3ESXnCd1z7nwvQZYayvbkigH/gea8uN6A19wUYZHYzwk0is6XTa0fQCYklQIq6F4KWQ3iZUQTgOPJWVqdqLnddkkBNuefav559SoAT1fd8D9PNijCFv6eXy6h2gvYPKeHRzTSbtYneUAZeYYbkMvHeQB8TFq2b/z7kQIgkt+mDlw60JVxRVP2Ts2s98flfM2yKPfKmUEjbISuLNQzBvyxEuD7g3aTtRZZzA9CV4yxwpOW5bgVSSBanGC8S/y7xbToZ3ZX1dmfkV5/yG9eI2F4bb9Kxoec/p6CMtGgJgS6m+JX+sY8/bQrjrq58XTxQEGcaLES64AFoHz/o5c17Klz0QFSNe0QaDu5rqvln0b67j4lLg4XRDDYaoalflotv1haRRUYNemCOTso/XWbUhQhN0puV3k7rNAN9ZJEkAiKzH4qd8AS6w== xro@r3.at -- 1.7.10.4