Restructured role manage-ssh-keys

2024-11-21 16:05:54 +01:00
parent b854e41745
commit 07b21314ef
5 changed files with 49 additions and 32 deletions
--- a/roles/manage-ssh-keys/handlers/main.yml
+++ b/roles/manage-ssh-keys/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Cleanup and add timestamp
+  block:
+    - name: Kommentare aus der Datei entfernen
+      lineinfile:
+        path: "{{ authorized_keys_file }}"
+        state: absent
+        regexp: '^#.*$'
+
+    - name: Kommentar hinzufügen (Modified by Ansible)
+      blockinfile:
+        path: "{{ authorized_keys_file }}"
+        marker: ""
+        block: |
+          # Modified by Ansible on {{ ansible_date_time.date }} at {{ ansible_date_time.time }}
--- a/roles/manage-ssh-keys/tasks/add-goodkeys.yml
+++ b/roles/manage-ssh-keys/tasks/add-goodkeys.yml
@@ -0,0 +1,10 @@
+---
+- name: Good Keys hinzufügen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    create: yes
+    state: present
+  with_items: "{{ good_keys }}"
+  notify:
+    - Cleanup and add timestamp
--- a/roles/manage-ssh-keys/tasks/main.yml
+++ b/roles/manage-ssh-keys/tasks/main.yml
@@ -1,35 +1,10 @@
 ---
- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
-  file:
-    path: "{{ authorized_keys_file | dirname }}"
-    state: directory
-    owner: "{{ ssh_user }}"
-    group: "{{ ssh_user }}"
-    mode: '0700'
+# Haupt-Task der Rolle: Modularer Aufbau mit Subtasks
+- name: Validiere SSH Keys
+  import_tasks: validate-keys.yml

- name: Lese aktuelle authorized_keys
-  slurp:
-    src: "{{ authorized_keys_file }}"
-  register: current_keys_content
-  ignore_errors: true
+- name: Füge Good Keys hinzu
+  import_tasks: add-goodkeys.yml

- name: Bereite aktuelle Keys für den Vergleich vor
-  set_fact:
-    current_keys: "{{ (current_keys_content['content'] | b64decode).splitlines() if current_keys_content['content'] is defined else [] }}"
-
- name: Filtern von Schlüsseln, die beibehalten werden
-  set_fact:
-    retained_keys: "{{ current_keys | difference(good_keys + bad_keys) }}"
-
- name: Erstelle finale Liste der Keys
-  set_fact:
-    final_keys: "{{ retained_keys + good_keys }}"
-
- name: Synchronisiere authorized_keys
-  copy:
-    content: "{{ final_keys | join('\n') + '\n' }}"
-    dest: "{{ authorized_keys_file }}"
-    owner: "{{ ssh_user }}"
-    group: "{{ ssh_user }}"
-    mode: '0600'
-  when: final_keys != current_keys
+- name: Entferne Bad Keys
+  import_tasks: remove-badkeys.yml
--- a/roles/manage-ssh-keys/tasks/remove-badkeys.yml
+++ b/roles/manage-ssh-keys/tasks/remove-badkeys.yml
@@ -0,0 +1,9 @@
+---
+- name: Bad Keys entfernen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    state: absent
+  with_items: "{{ bad_keys }}"
+  notify:
+    - Cleanup and add timestamp
--- a/roles/manage-ssh-keys/tasks/validate-keys.yml
+++ b/roles/manage-ssh-keys/tasks/validate-keys.yml
@@ -0,0 +1,8 @@
+---
+- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
+  file:
+    path: "{{ authorized_keys_file | dirname }}"
+    state: directory
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0700'