same private keys for all users is not a good idea

2022-02-20 17:57:32 +01:00
parent 1bbc5f778e
commit d3f75ead02
3 changed files with 33 additions and 39 deletions
--- a/roles/base/tasks/users/all.yml
+++ b/roles/base/tasks/users/all.yml
@@ -18,11 +18,6 @@
    mode: '0600'
  loop:
    - "private_keys/gitlab_read_ed25519"
    - "private_keys/id_dsa"
    - "private_keys/id_ed25519"
    - "private_keys/id_rsa"
    - "private_keys/identity_for_kashyyyk"
    - "private_keys/yubikey"
 - name: users | {{ user }} | install known_hosts
  copy:
--- a/roles/base/tasks/users/rene.yml
+++ b/roles/base/tasks/users/rene.yml
@@ -14,20 +14,19 @@
 #     - public_keys/rene_id_rsa.pub
 #     - public_keys/yubikey.pub
-# - name: users | rene | install private ssh keys
+- name: users | rene | install private ssh keys
-#   copy:
+  copy:
-#     dest: "/home/rene/.ssh/"
+    dest: "/home/rene/.ssh/"
-#     src: "{{ item }}"
+    src: "{{ item }}"
-#     owner: rene
+    owner: rene
-#     group: rene
+    group: rene
-#     mode: '0600'
+    mode: '0600'
-#   loop:
+  loop:
-#     - "private_keys/gitlab_read_ed25519"
+    - "private_keys/id_dsa"
-#     - "private_keys/id_dsa"
+    - "private_keys/id_ed25519"
-#     - "private_keys/id_ed25519"
+    - "private_keys/id_rsa"
-#     - "private_keys/id_rsa"
+    - "private_keys/identity_for_kashyyyk"
-#     - "private_keys/identity_for_kashyyyk"
+    - "private_keys/yubikey"
 #     - "private_keys/yubikey"
 # - name: users | rene | install known_hosts
 #   copy:
--- a/roles/base/tasks/users/root.yml
+++ b/roles/base/tasks/users/root.yml
@@ -3,17 +3,17 @@
    name: root
    password_lock: yes
- name: users | root | install public ssh keys
+# - name: users | root | install public ssh keys
-  authorized_key:
+#   authorized_key:
-    user: root
+#     user: root
-    state: present
+#     state: present
-    key: '{{ item }}'
+#     key: '{{ item }}'
-  with_file:
+#   with_file:
-    - public_keys/id_dsa.pub
+#     - public_keys/id_dsa.pub
-    - public_keys/id_ed25519.pub
+#     - public_keys/id_ed25519.pub
-    - public_keys/rene_id_rsa.pub
+#     - public_keys/rene_id_rsa.pub
-    - public_keys/root_id_rsa.pub
+#     - public_keys/root_id_rsa.pub
-    - public_keys/yubikey.pub
+#     - public_keys/yubikey.pub
 - name: users | root | install public key for backups
  authorized_key:
@@ -24,15 +24,15 @@
  with_file:
    - public_keys/backup_ed25519.pub
- name: users | root | install private ssh keys
+# - name: users | root | install private ssh keys
-  copy:
+#   copy:
-    dest: "/root/.ssh/"
+#     dest: "/root/.ssh/"
-    src: "{{ item }}"
+#     src: "{{ item }}"
-    owner: root
+#     owner: root
-    group: root
+#     group: root
-    mode: '0600'
+#     mode: '0600'
-  loop:
+#   loop:
-    - "private_keys/gitlab_read_ed25519"
+#     - "private_keys/gitlab_read_ed25519"
 # - name: users | root | install known_hosts
 #   copy: