timeout=30
+filter_plugins = ./filter_plugins
+
[ssh_connection]
pipelining = True
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
--- /dev/null
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible import errors
+
+
+def user_ssh_keys(data, db):
+ try:
+ ssh_keys = []
+ for user in data:
+ try:
+ for key in db[user]['ssh']:
+ ssh_keys.append(key)
+ except KeyError:
+ pass
+
+ return ssh_keys
+ except Exception as e:
+ raise errors.AnsibleFilterError("user_ssh_keys(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' extract values form users db '''
+ filter_map = {
+ 'user_ssh_keys': user_ssh_keys,
+ }
+
+ def filters(self):
+ return self.filter_map
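Review bot: The inner `except KeyError: pass` in `user_ssh_keys` treats a name that is missing from `db` the same as a user who has no `ssh` entry, so a misspelled name in `ssh_users_root` or `ssh_users_tuergit` silently yields fewer keys, or none. That matters for the callers changed later in this commit: the `authorized_key` task runs with `exclusive: yes`, and the `authorized_keys` file contents are built entirely from this filter, so an empty result would presumably remove every key and lock the account out of key-based login. I would fail on unknown names by adding `if user not in db: raise KeyError("unknown user: %s" % user)` as the first statement of the `for user in data:` loop, before the inner `try`. The outer handler already turns that into an `AnsibleFilterError`, and users without an `ssh` entry would still be skipped. A short docstring stating that `data` is a list of user names and `db` is the users mapping would also help, and the class docstring has a typo (`form` for `from`).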
---
+ssh_users_root:
+ - equinox
+ - nicoo
+
accesspoint_wifi_channels:
2.4g:
ap0: 3
net.ipv6.conf.all.forwarding=0
/etc/dropbear/authorized_keys:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
+ content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"
/etc/htoprc:
file: "{{ global_files_dir }}/common/htoprc"
## Root password; by default, undefined
root_password: "{{ vault_root_password }}"
## SSH keys for root, default to NOC's
-ssh_keys: "{{ noc_ssh_keys }}"
+
+ssh_users_root: "{{ user_groups.noc }}"
gpg: 0xE3468B9CE81EB4F91486
ssh:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDsT6W8Yz9iQ9FXuyrBmLC3o1j26ugzKfJDjvYAOehtjbYj+JjNrLoob1Evg5wWbDI9w+GiaBRKpfMw/66rMty8UXnYvpr28AsMdsxmvCp7k6eW55WcWNC26Nw3cWJo8MBxDaWDfjPdVzhKU7iFTCEVz/mUqUrbyg+Y6R1psqY84zXwelyPNPUVNBSaWMORmWR397v8UaEx2jsO4Nxaw1w4RnJSyq5feXResLigh6yelCNDWu3ISQrmZtjKRCPWlVzIDAT5m0UZzHjfGtixei8QNo3Y1sNUyFmrR0jcy6Uvkcl2ryGsUApCqaIGHz9zNvVJo7lGFH7yDVnaFx2XHnbDrZqhcvtvKK9kJkXwpTwASnSg7CB4VUFxdfzOlwnGUqMrePYqN5CaFKLNNQ5vIharK+iikvgkibrCSH69Tdb26IvBpXojuoIHDpBNcAAy5d66P+EoUXv7xWVmWiDLyJd66GvNzAzwel16KrjlgYZoKaj5rAB04qafSi6gRKJMuxQTBGGBc45JojDDZUEQht0/0N9GEWZDAO2z3eyB0lsODNvJBh9jAvwEOMcNnm59GYnYrk4bKLS1GEvq6a0aQvAxJDj0OxENNsx3SloYnP+ufHUZvWI9Ccu+9PMcoNqsFomiFg5nraL7NVaaOegVVYVGr4xZm9Yl/fnfnkH/lccsPw== xro@realraum.at
-
-noc_groups:
- - adm
- - sudo
-
-noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}"
---
+ssh_users_tuergit: "{{ user_groups.noc }}"
+
openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
AuthorizedKeysCommandUser tuergit
/etc/ssh/authorized_keys.d/root:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
+ content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"
/etc/ssh/authorized_keys.d/tuergit:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
+ content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"
openwrt_uci:
system:
- name: Set authorized keys for root user
authorized_key:
user: root
- key: "{{ ssh_keys | join('\n') }}"
+ key: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}"
exclusive: yes
- name: disable apt suggests and recommends
user: root
manage_dir: no
path: "{{ preseed_tmpdir }}/authorized_keys"
- key: "{{ ssh_keys | join('\n') }}"
+ key: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}"
- name: Inject files into initramfs
shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'
- import_role:
name: preseed
vars:
- ssh_keys: "{{ hostvars[hostname].ssh_keys }}"
+ ssh_users_root: "{{ hostvars[hostname].ssh_users_root }}"
install_interface: enp1s1
preseed_tmpdir: "{{ tmpdir.stdout }}"