diff --git a/roles/manage-ssh-keys/handlers/main.yml b/roles/manage-ssh-keys/handlers/main.yml
new file mode 100644
index 0000000..fd4e06e
--- /dev/null
+++ b/roles/manage-ssh-keys/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Cleanup and add timestamp
+  block:
+    - name: Kommentare aus der Datei entfernen
+      lineinfile:
+        path: "{{ authorized_keys_file }}"
+        state: absent
+        regexp: '^#.*$'
+
+    - name: Kommentar hinzufügen (Modified by Ansible)
+      blockinfile:
+        path: "{{ authorized_keys_file }}"
+        marker: ""
+        block: |
+          # Modified by Ansible on {{ ansible_date_time.date }} at {{ ansible_date_time.time }}
\ No newline at end of file
diff --git a/roles/manage-ssh-keys/tasks/add-goodkeys.yml b/roles/manage-ssh-keys/tasks/add-goodkeys.yml
new file mode 100644
index 0000000..082d3b9
--- /dev/null
+++ b/roles/manage-ssh-keys/tasks/add-goodkeys.yml
@@ -0,0 +1,10 @@
+---
+- name: Good Keys hinzufügen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    create: yes
+    state: present
+  with_items: "{{ good_keys }}"
+  notify:
+    - Cleanup and add timestamp
\ No newline at end of file
diff --git a/roles/manage-ssh-keys/tasks/main.yml b/roles/manage-ssh-keys/tasks/main.yml
index 9f85b17..d338881 100644
--- a/roles/manage-ssh-keys/tasks/main.yml
+++ b/roles/manage-ssh-keys/tasks/main.yml
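Review bot: The cleanup task removes every line matching `regexp: '^#.*$'`, so it deletes any operator-maintained comment in authorized_keys rather than only the stamp this role writes; narrowing it to `regexp: '^# Modified by Ansible on '` keeps the handler to lines it owns. With `marker: ""` blockinfile cannot recognise its own previous block, so the handler only stays idempotent because the removal task runs first inside the same block; a comment above `blockinfile:` saying that the ordering is load-bearing would save the next editor from reordering it. The stamp also reads `ansible_date_time`, which presumably requires fact gathering for the play; if that is not guaranteed by the calling playbook, the handler fails at notification time and the key changes already made are left without a stamp.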
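Review bot: `create: yes` creates authorized_keys without `owner`, `group` or `mode`, whereas the copy task this commit removes from tasks/main.yml set all three; a file created here gets the umask default and the identity of the executing user, which with sshd StrictModes can mean the keys are silently never accepted. Adding `owner: "{{ ssh_user }}"`, `group: "{{ ssh_user }}"` and `mode: '0600'` next to `create:` restores the guarantee the old implementation gave. `create: yes` is the YAML 1.1 boolean spelling; `create: true` is the portable form, and `with_items` could be `loop` if the role targets current Ansible, as remove-badkeys.yml in this commit has the same two spellings.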
@@ -1,35 +1,10 @@
 ---
-- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
-  file:
-    path: "{{ authorized_keys_file | dirname }}"
-    state: directory
-    owner: "{{ ssh_user }}"
-    group: "{{ ssh_user }}"
-    mode: '0700'
+# Haupt-Task der Rolle: Modularer Aufbau mit Subtasks
+- name: Validiere SSH Keys
+  import_tasks: validate-keys.yml
 
-- name: Lese aktuelle authorized_keys
-  slurp:
-    src: "{{ authorized_keys_file }}"
-  register: current_keys_content
-  ignore_errors: true
+- name: Füge Good Keys hinzu
+  import_tasks: add-goodkeys.yml
 
-- name: Bereite aktuelle Keys für den Vergleich vor
-  set_fact:
-    current_keys: "{{ (current_keys_content['content'] | b64decode).splitlines() if current_keys_content['content'] is defined else [] }}"
-
-- name: Filtern von Schlüsseln, die beibehalten werden
-  set_fact:
-    retained_keys: "{{ current_keys | difference(good_keys + bad_keys) }}"
-
-- name: Erstelle finale Liste der Keys
-  set_fact:
-    final_keys: "{{ retained_keys + good_keys }}"
-
-- name: Synchronisiere authorized_keys
-  copy:
-    content: "{{ final_keys | join('\n') + '\n' }}"
-    dest: "{{ authorized_keys_file }}"
-    owner: "{{ ssh_user }}"
-    group: "{{ ssh_user }}"
-    mode: '0600'
-  when: final_keys != current_keys
\ No newline at end of file
+- name: Entferne Bad Keys
+  import_tasks: remove-badkeys.yml
\ No newline at end of file
diff --git a/roles/manage-ssh-keys/tasks/remove-badkeys.yml b/roles/manage-ssh-keys/tasks/remove-badkeys.yml
new file mode 100644
index 0000000..4acdb15
--- /dev/null
+++ b/roles/manage-ssh-keys/tasks/remove-badkeys.yml
@@ -0,0 +1,9 @@
+---
+- name: Bad Keys entfernen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    state: absent
+  with_items: "{{ bad_keys }}"
+  notify:
+    - Cleanup and add timestamp
\ No newline at end of file
diff --git a/roles/manage-ssh-keys/tasks/validate-keys.yml b/roles/manage-ssh-keys/tasks/validate-keys.yml
new file mode 100644
index 0000000..b6e4e60
--- /dev/null
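Review bot: The import order changes precedence for a key that appears in both good_keys and bad_keys: the removed logic built `final_keys: "{{ retained_keys + good_keys }}"`, so such a key stayed in the file, while importing add-goodkeys.yml before remove-badkeys.yml now deletes it. That is the safer outcome, but it is a behavior change that neither the new header comment nor the task names state; the comment could read `# Reihenfolge ist relevant: Bad Keys werden zuletzt entfernt und haben Vorrang vor Good Keys`. The removed copy task was also the only place the file's owner, group and mode were enforced, and nothing in the new main.yml or its imports replaces that for the file itself, only for the directory.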
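Review bot: `state: absent` with `line: "{{ item }}"` only removes a byte-identical line, so a revoked key that is present with a different comment field, trailing whitespace or leading options such as `from=` or `command=` survives revocation, and nothing reports that it did. The removed implementation had the same exact-match limitation, but this file is now the role's revocation path, so matching on the key material is worth it, e.g. `regexp: "{{ item.split()[1] | regex_escape }}"` in place of `line:`; this assumes each bad_keys entry is in `type base64 [comment]` form without leading options. A follow-up task that searches the file for the key blob and fails the play if it is still present would make a failed revocation visible instead of silent. The loop also fails when bad_keys is undefined; `loop: "{{ bad_keys | default([]) }}"` avoids that if an empty list is a valid configuration for this role.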
+++ b/roles/manage-ssh-keys/tasks/validate-keys.yml
@@ -0,0 +1,8 @@
+---
+- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
+  file:
+    path: "{{ authorized_keys_file | dirname }}"
+    state: directory
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0700'
\ No newline at end of file
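Review bot: The file is named validate-keys.yml but only ensures the `.ssh` directory exists; nothing checks that the entries of good_keys or bad_keys are well-formed public-key lines before add-goodkeys.yml writes them verbatim into authorized_keys, so a malformed or accidentally pasted value lands in the file, and since sshd skips lines it cannot parse the mistake is silent. Either rename the file to say what it does or add an `assert` over both lists; the example below assumes both lists are always defined and would need widening if entries carry leading options or sk-/certificate key types. The directory task itself is fine: `mode: '0700'` is quoted and owner and group are set, which is what sshd expects for the `.ssh` directory as far as this role controls it.

```yaml
- name: Prüfe, dass alle konfigurierten Keys wie Public-Key-Zeilen aussehen
  assert:
    that:
      - item is match('^(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521))\s+[A-Za-z0-9+/]+=*(\s+\S.*)?$')
    fail_msg: "Kein gültiger Public Key: {{ item }}"
  loop: "{{ good_keys + bad_keys }}"

# … unchanged: .ssh directory task …
```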