feat: synchronize authorized keys for root

4 years ago · 1c2da22ef6
parent 335e3bb9dd
commit 1c2da22ef6
8 changed files with 72 additions and 51 deletions
--- a/group_vars/all/plain.yml
+++ b/group_vars/all/plain.yml
@ -27,7 +27,6 @@ hetzner_ssh_keys:
  - sven.ketelsen@netgo.de
  - peter.heise@netgo.de
  - claus.paetow@netgo.de
-  - alexander.gordon@netgo.de

 hetzner_server_labels: "stage={{ stage }}"

@ -67,7 +66,6 @@ smardigo_plattform_users:
  - 'sven.ketelsen'
  - 'peter.heise'
  - 'claus.paetow'
-  - 'alexander.gordon'

 docker_owner: "{{ admin_user }}"
 docker_group: "{{ admin_user }}"
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,48 +1,48 @@
 $ANSIBLE_VAULT;1.1;AES256
-38396164656230343461353837306664386634316464666261396232663936663064343932323136
-6438343938643639383532613165633937663861356165310a613033356339353738396235336365
-64616637363730343264666463376235396266636239623365346363366433313363616161636336
-3362313064393930340a366330393765393439396439343534383538343030306265643635613935
-34306237616137643535646235363165313632303464653464663966346365386232623637616165
-37626562646230393530633063396161636361376464313763316434336530303432643939643330
-37636433653330336435323333323438373832333538623966623062376535356562383764646133
-33373535343965333865653337663331633335323330323636663462313462396165303537393266
-37663338616434343438373535636133646461323730623964386538363066303963613864303234
-61373862336538343261366262616435313065336435386461656561323064646237366136353136
-66383733376434626537633438633434313263336462323964656237393931323337316362316663
-62396133383833646635666364303337393762313063326231633034316635643232353265663762
-61316233393434323764363638626639353561653736346437663230336238343466343065623963
-33623932616137376264393261653964616634653039393637303035303238333564303761343039
-38343665313964623232323864396236313934653132343437316338363763383532383762346334
-39383365343536616132343361386135303933643237616437653463373965633536393235366163
-62653937666437393863333962373433386437343361663163336163306335313638316161383133
-30316535623232653733396134356132336435653762626264363737623338396266373531353430
-35323765303236363266643632313964303332626136666430326431383132373430333866393738
-32613035383364633333386538346430663862643531353438633061613530323863363861383435
-61376561306130623561326561323930353832356438313363653932643831376430373039376430
-30623030323030653234343565303331613036313430326430373962316561653832353365643334
-61656333306366663933643636353832633632643565646263333638663161353839383362313234
-31306237323366396135663334356336346663393339346266613238313633373832633033613630
-65633734633362323264343934326631393937303334393336353637316335393133386562336639
-34393262353935323438316339613566613765613864393231353262613236616238633634633562
-61303737656463373365373534623339303337623936613261623666393834623338623539663332
-38356130343838633165346539386131303636386437613966343562616265366161313139316665
-32636538306234653938373334326262656131643735646436313330306536663339323962376138
-36353866663861616338326338366263343836633761393263623638366434666266653237333136
-35636661336532326237356463356437663037346265303830373064373635306130313037643830
-64353762373334306531653631633531306338633261646334623564366135633734343737373266
-33656236313664386463643466653864616538366537353231323931393363643633353562313135
-36636637663235333965623737633635396230663737653736306265393861316265386263353639
-65626337663231663664363537616239303631313438303534646161663762666437636233306363
-64663065636362633634313336666430626162623663376666323166623339346238373637653561
-31613562336334333536366662666239333933356632306563383537623263353665613466396237
-32363761306235393632336163386161623134343734393664653565303038633863333166653738
-31353530613262663332323561303863663631316164613432363336383836626334616432383337
-39366533343432356561353039363965663035343065616632633766613063663365623461643835
-63373863326666626431626232373737386363633536393439386635303864656563373165393438
-39353661316433653765393237373636323037653330336563353438383362643534353965363730
-37393562333134343733633838303030396131313365656533343165313964386661643835396166
-30366439383634376433623231363061356638643033613163653937336266306238656566316266
-33376361386635333932356637633732633865613735376537316539326461643235323965633031
-64653133663963633638356236346265653563396437383636383464646633353434343566643266
-666562356661386639633035653065383332
+36663361623738653132316466623231656662366262646435666439386336343134356437303136
+3039663831636266663934633231323133356264653162330a303834396265623562313331396137
+38323461343761653363643230393539663237663935656131376261613731323731643338666336
+3137383131343136340a316462316564303832313136646631396162663036343637656166666439
+32363134376639333364396561313936393739653762333334346531326332616362313132623831
+35386130386265383237326134356366353033323437633466383038303264643061353731633063
+37643636333466336561666465313235363265643233373738653864363335613233393332343966
+30353866353161343762383161353965386538666430346430353763646265643534326661353162
+31343233356464393433396135313064323433666132653966373961666433346666316336363535
+36653565393462613237636439333566643765363762346362613932336135306130376366663235
+64346335316561663363316232613036653837393439666537333961616232303535616361626263
+39656631643161643862363162666531636561353932303532366235306664323731363732363635
+62343561373935383936616463316239666139643835323439656162386636383439633034323164
+36313630356664663530626137396638333462303462316432613639316238306564303439653838
+32656339326531666263333430303334303635333261653933353339383935313032383662633332
+30316132613339383761373830356537623531616632643762613935356230636439316431396466
+34343465613730346639643462383633396664666362646231366436626332636365663766613764
+61313334313131343663636331633330623030653235313363623531336630306435396131366433
+37643733333962373031663561663636343932613663323731356136623462613930356635616432
+63333237366335353461326336643533376139366461343161326135303364323035373030326432
+39376263306266643536316532643661306430396261343732366662363933343161353933626134
+39663739363436653461333631333539343739363738613133373966653362636138333462356437
+38316533663139643334633635303435636332346561303838373061376536653263396234313932
+62393836336633353337326233393334366138376161356536616433326665613365363131373164
+62386361306365306264643466663762393330303963636339316333306638636566393339303033
+39366136326637306235316666303137316634306535333032373132353630663833306138396663
+63653232333363306138363131356435303230303362373239303365373161666164313639663433
+64653436343865356663386132366638346465333738366462353333643336666534633930303836
+63623265363832643832626561376666346561653062656264366131303866356365653439326338
+63623235373636306432363563326564633764346439303165336338633963363437383264613339
+34666432356636613364353035653964636138376235383333326233366463633038373736646137
+36333465303961336632633539666338346464343534373439643764346433326637373732366236
+34656338346536366133303732333537306132333438303166393330373632393137383763323961
+39653833623262383966363162643737343932646563613839383963623330353531376130616134
+62313561326135326666346330316331386531396465376438303263333335623864623462643862
+37313230663163396535666538396131343437373638393063363065386363333664623130323336
+30626637323764643639326536386532323238653935666462663732343831303064366636616338
+33383934383735633561303333393163616262626536613734656239303538363730396530643136
+65353537353534643933306262313664393963646163356363373261643832663365613964663763
+36626366303330633536613234383839336361636661666664633132346663306634663430663361
+32393436626332326339343836613639623135613431333762663236343333343964613135656263
+64343331313563616464363261303434323562343863393566383234633833623631383464376535
+66393437343866313865376263353238363734323332626663383332323939326133313761316663
+33633762393461613636613736633737303030373266383232323663336639396462373730386233
+61363264336465326530343939393465613264353061646662323135626365363362623134626163
+33636365663364663565623030643664346434646338373830333665373837623238393761623834
+306532353835663232373339333934393236
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -4,6 +4,7 @@
 ###   users
 ###   install
 ###   config
+###   root_authorized_keys

 - name: "Set hostname to <{{ inventory_hostname }}>"
  hostname:
@ -20,6 +21,26 @@
      {{ host.ip }} {{ host.name }}
      {% endfor %}

+- name: "Adding authorized keys for root"
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: "{{ lookup('file', 'users/' + item + '/id_rsa.pub') }}"
+  loop: '{{ smardigo_plattform_users }}'
+  tags:
+    - never
+    - root_authorized_keys
+
+- name: "Removing outdated authorized keys for root"
+  ansible.posix.authorized_key:
+    user: root
+    state: absent
+    key: "{{ lookup('file', 'users/outdated/' + item.path) }}"
+  with_filetree: "users/outdated"
+  tags:
+    - never
+    - root_authorized_keys
+
 - name: "Read current users"
  shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
  register: current_users
--- a/users/claus.paetow/id_rsa.pub
+++ b/users/claus.paetow/id_rsa.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfDp/op9kBWA/sOqlZyfUZegYPHQpjq7nDecfy1maD4atpV3wG+QAeBrOtz9KOPGkbkqynwx8q4uH+ryRCPT15iJJlfH76GLbSfFRl2EXbX8Eoy5PGKdqDiMMGuX+Gj84cOzh16XGsOse+1S+uUKkYitgxGvuC+6edg7rM7uO6lHp/OizxvSZ+YZa8Bqljldlca05J6i+bC6Njt8j/9dTYAJfs/2tx//3MqNNAO/mhxC5gRDPCbdB+6TMjTL1e8KysUggq6Vlf9qoH7GLgrZRmzi6UR4qFPhaamsS23+m8AezOG91AgkUFbpeCbHoJRJc1ILyj3+MOQMTYLPyC+v3ZIZxp/ZAskZAFt3hxkn1vX9K85pRa+I2BW5RC4jhOv/iuqiDEs4P3hm5/9yAdv6zKKpx9a0ZGG/ecj1J1QCqzx5RNv5Jfz/C6hHGYCPrVQTYlgLE2zm/U8tQSV4eMkYfQTE8i5OxVr5GwCq5Id9ybrWIYFTnLOyS8x7BqSB5LtkrY4pv4MKjHtVu7mdoklNbWORbU9qufGZ1hFXLybvOUEGIrOpRvlWvFSHxF90JXV0lEUXib9ZXpy+53l4FhIpCBPjW37HrFa0kOSbp5qNp6r35sZfPhb+ujIBUBPK/DMwpoEdI5nKnhqXkAJN4KKhsBgYDAtM9M6X5zVyDBC0o4Qw== claus@NSO-NB01739
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfDp/op9kBWA/sOqlZyfUZegYPHQpjq7nDecfy1maD4atpV3wG+QAeBrOtz9KOPGkbkqynwx8q4uH+ryRCPT15iJJlfH76GLbSfFRl2EXbX8Eoy5PGKdqDiMMGuX+Gj84cOzh16XGsOse+1S+uUKkYitgxGvuC+6edg7rM7uO6lHp/OizxvSZ+YZa8Bqljldlca05J6i+bC6Njt8j/9dTYAJfs/2tx//3MqNNAO/mhxC5gRDPCbdB+6TMjTL1e8KysUggq6Vlf9qoH7GLgrZRmzi6UR4qFPhaamsS23+m8AezOG91AgkUFbpeCbHoJRJc1ILyj3+MOQMTYLPyC+v3ZIZxp/ZAskZAFt3hxkn1vX9K85pRa+I2BW5RC4jhOv/iuqiDEs4P3hm5/9yAdv6zKKpx9a0ZGG/ecj1J1QCqzx5RNv5Jfz/C6hHGYCPrVQTYlgLE2zm/U8tQSV4eMkYfQTE8i5OxVr5GwCq5Id9ybrWIYFTnLOyS8x7BqSB5LtkrY4pv4MKjHtVu7mdoklNbWORbU9qufGZ1hFXLybvOUEGIrOpRvlWvFSHxF90JXV0lEUXib9ZXpy+53l4FhIpCBPjW37HrFa0kOSbp5qNp6r35sZfPhb+ujIBUBPK/DMwpoEdI5nKnhqXkAJN4KKhsBgYDAtM9M6X5zVyDBC0o4Qw== claus.paetow@netgo.de
--- a/users/outdated/alexander.gordon.pub
+++ b/users/outdated/alexander.gordon.pub
--- a/users/outdated/daniel.dz.pub
+++ b/users/outdated/daniel.dz.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIlzZlKDc/koTYUplB8G+fMKd7Nsh+WvkHfeTN9R16C daniel.dziedzicki@arxes-tolina.de
--- a/users/outdated/peter.heise.latitude.pub
+++ b/users/outdated/peter.heise.latitude.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDt5aOYXBbBuPxJreoyJ7no+zOzTNyHTH+PZ0/z6U6X0D+kRae0/rzInFknPJhWQw/Jyw6Q5m2bl8G8WviY8Nh6XuOCo1Fs7pP+egZOQJR0oZnjzvDv9nC27dtHRkbr8CJ0kv1qTu04d/gKvC4I6zDp6fZXS9X4ZjBcO+zvO5QfJpa2zVqnsSoNBqGkOU81vWQD17yn08BpP+WgMFUl2DsWw2zzVOO5CwCjd4lfqZuWY4GIKSfEJed7iQAKzQghd+dL/tQECdkJmNPDuzXW66kv5NPEOEfYiAD3jggoIUvzhSyZEWuMUazYLYYlg3kMD0ALS9QQCPRc4katLizKXfnbVT8U6eHFrdcbGR20ct4ssRdEEXk2VMCIUqQGl2+fybiYs9hNc0f2K8Osb+f/sR5yPBN106zOV7Tbd6bdBljtKLMu7UdOhVdKQHOi63/kck1sI249L/EuMNPGTksNvIDGMpZ20nG5S4YjH5lB7Lxhr9vRdfeJCJRlObNH1IHm+xU1YnAkl6Qcq7iy/lu2TQWiKmHaOO4ijI7ckcIVVZGbxeaAxURPoA46iOlLMBup1WkzqeiO4z7Z2dmr8yAn/4fDHa3igoC+AVlWNUOPS8GfoC7qM4vVicffa4O/gwnkv2lXagvJ5SKdWkMR2XXLaX+VL6PtdCls6vvARlsPCmWJ9Q== pheise@latitude7490
--- a/users/peter.heise/id_rsa.pub
+++ b/users/peter.heise/id_rsa.pub
@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= pheise@fedora-vm
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPiWNJzb4vqgkjsRjl1C5oTQbyEvsBPfBuVf3AL9Ssw7RJb8hl3VqVegJ1HqNe1/j4R04a53ND5qy93GBAYOI3iNKiWq2Cd9DM9QHN+EiNG7eo0wkr/VhBh5bh6knn12RXX1T0xnR9jeB3rIQWyJyR+PTSEz4oul+QjlKB8uO7LLmsoqVpVqGhj7xtoVIEfJPMCEBMjj/jc3rGK1ezrXBGCTFEQPl5b+XRy9kybv5hf6W02yPm82RRozG3/3zObiNPX/ajt5mHB09CTq5JLeLFlfftpcLEON1CDpzACm7cIvnYoHKltaGjkZaprxpPApkKLiPe8zVUYiG0wt5qYUXS/AQ5u6I0vFA+5H3fEYZMalp4fwf4OWFxqJQH97sivQe/q7SnOA70GiClri9qWt6r6/LP7du7UySvOWVX8R6CuD3OdaAHXng1UWLDwqP9r2XshQIVo90vz9vLVP2k7bBchxignmD7WL4VnEG5bhhf487xhK3+YCG8TWtGO8MXDp0= peter.heise@netgo.de
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIlzZlKDc/koTYUplB8G+fMKd7Nsh+WvkHfeTN9R16C daniel.dziedzicki@arxes-tolina.de`
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDt5aOYXBbBuPxJreoyJ7no+zOzTNyHTH+PZ0/z6U6X0D+kRae0/rzInFknPJhWQw/Jyw6Q5m2bl8G8WviY8Nh6XuOCo1Fs7pP+egZOQJR0oZnjzvDv9nC27dtHRkbr8CJ0kv1qTu04d/gKvC4I6zDp6fZXS9X4ZjBcO+zvO5QfJpa2zVqnsSoNBqGkOU81vWQD17yn08BpP+WgMFUl2DsWw2zzVOO5CwCjd4lfqZuWY4GIKSfEJed7iQAKzQghd+dL/tQECdkJmNPDuzXW66kv5NPEOEfYiAD3jggoIUvzhSyZEWuMUazYLYYlg3kMD0ALS9QQCPRc4katLizKXfnbVT8U6eHFrdcbGR20ct4ssRdEEXk2VMCIUqQGl2+fybiYs9hNc0f2K8Osb+f/sR5yPBN106zOV7Tbd6bdBljtKLMu7UdOhVdKQHOi63/kck1sI249L/EuMNPGTksNvIDGMpZ20nG5S4YjH5lB7Lxhr9vRdfeJCJRlObNH1IHm+xU1YnAkl6Qcq7iy/lu2TQWiKmHaOO4ijI7ckcIVVZGbxeaAxURPoA46iOlLMBup1WkzqeiO4z7Z2dmr8yAn/4fDHa3igoC+AVlWNUOPS8GfoC7qM4vVicffa4O/gwnkv2lXagvJ5SKdWkMR2XXLaX+VL6PtdCls6vvARlsPCmWJ9Q== pheise@latitude7490