From 122042a7411f58557568bbda4cd04336d5f0396f Mon Sep 17 00:00:00 2001
From: Pedro Alvarez
Date: Tue, 31 Aug 2021 15:33:17 +0100
Subject: admin/sshd_config.yaml: Update to install keys
---
admin/keys/bbrown.pub | 1 +
admin/keys/bclough.pub | 3 +++
admin/keys/dbotting.pub | 1 +
admin/keys/dpage.pub | 2 ++
admin/keys/gperkins.pub | 1 +
admin/sshd_config.yaml | 30 ++++++++++++++++++++++++++++--
6 files changed, 36 insertions(+), 2 deletions(-)
create mode 100644 admin/keys/bbrown.pub
create mode 100644 admin/keys/bclough.pub
create mode 100644 admin/keys/dbotting.pub
create mode 100644 admin/keys/dpage.pub
create mode 100644 admin/keys/gperkins.pub
diff --git a/admin/keys/bbrown.pub b/admin/keys/bbrown.pub
new file mode 100644
index 00000000..49df7bcd
--- /dev/null
+++ b/admin/keys/bbrown.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLmU8L+CyK2PdLn8KW/Egw8C2QqSYmv7zXDC+amQA58
diff --git a/admin/keys/bclough.pub b/admin/keys/bclough.pub
new file mode 100644
index 00000000..e1431f56
--- /dev/null
+++ b/admin/keys/bclough.pub
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKZ/3S5uxp3/q4eOHTF9uiPtf6ZFm4eQps7wdCOoEzLKHMllpF1rjtNG/mwTQsbVE3tsXmXiInf/zeRnGQqgOelQ7SxI8NszW2fGX8PW6MoTuc0HPhSeWNS3M1sCokXH9cpRmukruR8izkVH4i12KBA5HIKhypRd0BJnjhfG129zHZUQCwb0UnWBGd3LZmZAb9lpjvC/joe2l1PIpnfuN3DqjqjicDJBmlb8kYyQVAh0lV+mUUktFM0wVpyHErYg/8T6ZKrhRsGVgmO03DZfLXdL7aHT7tL242LjTz9WLIo/BTHvLwfxTNrdFefo/CJyBF7Z4VFujDseZPnIam0jOz
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZYLUs5afWZwVc3RVy3zOxmd4owk8A8V4OIqCfCrse4
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJ/N6SzB2irQ9TG+G9QrhxyFqXQEURUaUphN1xhQ8z8
diff --git a/admin/keys/dbotting.pub b/admin/keys/dbotting.pub
new file mode 100644
index 00000000..61c0fb3b
--- /dev/null
+++ b/admin/keys/dbotting.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDROJVvEo8tV3AhFff0rA541vpPZYeFF/w/GVvpmiOyC/vHan6jR2tsE/1r6WeNIf0tSdfMbsS7cOYHK5WfTs9hTgxmlYdhLHN5w0+l6l2fVu2RiJjuMuzEDmOPwGPSezXbtPsIIJpYmkk9zYnMOo2z8FtuSl7MgWByHxmRsg8yUWCJkreafXkP+SjNhTMmY6PJp/fze56F8uGseXLl9/qv7oLliGg3EApmQCEk3w+EZu3szpogCPeMubBY6MZJ0VEmF9llkCqMXBu4fSeM79lVcYJXje9cx6x7KrkteFOc9CpIajAZU5oM+MJ821mO8r0KuT/487Em/JDmaizAgpip
diff --git a/admin/keys/dpage.pub b/admin/keys/dpage.pub
new file mode 100644
index 00000000..59bd50c1
--- /dev/null
+++ b/admin/keys/dpage.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ2TNNv7W3+M+qo4KjPzIzyIPJIHW+jlKGJFQ0Ql9AIJ1cb1zOFDOP8Uzh1ATdnGES4wWCTPdBCFoEatY3RIcE7VssJOjl+hEA+P62LP/OYOSwSiiPVgX0YQ9BcorvvfE3BwtGiUDRlJFTIRnwbbsoyz+4b+nJzggi2vvzQAzGf9PuzsIYEoZhudQCQE/kVk9vpCb6QE0qp5zg00bf2S1z/6pcTzx336jAyzyMWceuEwvzxdd32HoUBUDoHnPHR157MZvJhnzv3IK8CB7dLDpsjlHjrD7gqg8DBJPfkIAHvz73jhePx7dfS+6CF8ufWFbxZPVKssY0EdKiFNNM1PSJ
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAmEi1arDWJGQb3FD2+DF+ZSJbhdJGLuhkq++RWx9X/I2AOuNFUIcAaPuQLrgdaljCCsMunCWxiJK0Abyr2U7E9aAAenU9oAcc0UJ72+4UZb8dTpwsxiB6NP+a4HRjAFffZc+YZHK4tLSQwcF02UL+FVkp1C2+gNiWtRnm3UzhtzTIjbQ==
diff --git a/admin/keys/gperkins.pub b/admin/keys/gperkins.pub
new file mode 100644
index 00000000..3e800df3
--- /dev/null
+++ b/admin/keys/gperkins.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQvRqmYpSVpff0MJq9aigjNQX22PdMkDiXpcV7EbDWdE3QLk7D818dljMKy2SvmgiEO7e/5jn8K7b9Dr88GF4dM/Oxc2k2yP9fzMoW+cE/drHBH+zDb9Zw1xa+t1AcMtl0XAEZft/hvpgx+Tp2XaEv6t7O9Ogxw1ahKtbkgDprhrnC9cVctu3VJhu8amY4BYZC9hRZUa02pCQl1i0klYq7E61zF8I25hS6HP0fbD/O+hAt5N3VqmkN+4QmCP8kkXSmyjKOurnXcGKPWonpOyB3cwVk3DO7krsw2qIIVoe/9PIK112oHNJxM01UUF+ZiPGEWawQfHRNG8Y03KQJanaf
diff --git a/admin/sshd_config.yaml b/admin/sshd_config.yaml
index aba6a9f1..02f1bcd8 100644
--- a/admin/sshd_config.yaml
+++ b/admin/sshd_config.yaml
@@ -4,5 +4,31 @@ tasks: - name: ensure SSH login with password is disabled lineinfile: - dest=/etc/ssh/sshd_config - line='PasswordAuthentication no' + dest: /etc/ssh/sshd_config + regexp: "^#?PasswordAuthentication" + line: PasswordAuthentication no + state: present + become: yes + notify: + - restart ssh + + - name: Set authorized key taken from file + ansible.posix.authorized_key: + user: "{{ ansible_ssh_user }}" + state: present + key: "{{ lookup('file', item) }}" + with_items: + - keys/bbrown.pub + - keys/bclough.pub + - keys/dbotting.pub + - keys/dpage.pub + - keys/gperkins.pub + + + + handlers: + - name: restart ssh + service: + name: ssh + state: restarted + become: yes -- cgit v1.2.1
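Review bot: The new `ansible.posix.authorized_key` task uses `state: present` once per item, so it only ever adds keys: dropping a file from `with_items` later will not remove that key from the account's `authorized_keys`, and a departed admin's access would persist. Consider passing all key files to `key` in a single batch with `exclusive: yes` (the option is not loop-aware, so it cannot simply be added to the existing loop), or keeping an explicit `state: absent` list for revoked keys. All five people's keys are also installed on the single `ansible_ssh_user` account, so a login cannot be attributed to an individual from the account name alone. On the `lineinfile` task, adding `validate: /usr/sbin/sshd -t -f %s` would keep a malformed `sshd_config` from being written before the `restart ssh` handler runs.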