---
# Create the parent directory of the authorized_keys file if it is missing and
# keep it private to the account: mode 0700, owner and group set to ssh_user.
# NOTE(review): group is set to the user name, which assumes a group of the
# same name exists on the target - confirm for accounts without a private group.
- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
  file:
    state: directory
    path: "{{ authorized_keys_file | dirname }}"
    mode: "0700"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
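# Check for the file first so that "no authorized_keys yet" is the only case
# that is tolerated. A blanket ignore_errors on the read would also hide
# permission or path errors; the play would then continue with an empty key
# list and the later copy task would overwrite the file with good_keys only.
- name: Prüfe, ob authorized_keys existiert
  stat:
    path: "{{ authorized_keys_file }}"
  register: authorized_keys_stat

# Read the current file (slurp returns it base64-encoded in `content`).
# When the file does not exist the task is skipped and the registered result
# has no `content` key. Any real read error now fails the play before
# anything is rewritten.
- name: Lese aktuelle authorized_keys
  slurp:
    src: "{{ authorized_keys_file }}"
  register: current_keys_content
  when: authorized_keys_stat.stat.exists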
# Turn the slurped, base64-encoded file into a list with one entry per line.
# If the registered result carries no `content` key (the file was not read),
# the list is empty.
# Every line becomes an entry, including blank lines and comment lines, so
# those take part in the comparison below like any key line.
- name: Bereite aktuelle Keys für den Vergleich vor
  set_fact:
    current_keys: >-
      {{ (current_keys_content['content'] | b64decode).splitlines()
         if current_keys_content['content'] is defined
         else [] }}
# Keep every existing line that is listed in neither good_keys nor bad_keys.
# good_keys are removed here only because they are appended again afterwards.
# NOTE(review): `difference` compares whole list entries, so a line is dropped
# only when it equals a bad_keys entry exactly (same options, key material and
# trailing comment). A revoked key stored with a different comment or option
# prefix would be retained - confirm bad_keys holds the lines exactly as they
# appear on the hosts, or compare on the key blob instead.
- name: Filtern von Schlüsseln, die beibehalten werden
  set_fact:
    retained_keys: >-
      {{ current_keys | difference(good_keys + bad_keys) }}
# Desired file content: the retained lines first, then all good_keys.
# NOTE(review): good_keys is appended as given; duplicate entries in that list
# would be written twice.
- name: Erstelle finale Liste der Keys
  set_fact:
    final_keys: >-
      {{ retained_keys + good_keys }}
# Rewrite authorized_keys as a whole: one entry per line plus a final newline,
# mode 0600, owner and group ssh_user. The task is skipped when the computed
# list equals the list that was read from the file.
# If final_keys is empty, the written file contains only a newline, i.e. no key
# grants access any more - check good_keys before removing the last entries.
- name: Synchronisiere authorized_keys
  copy:
    dest: "{{ authorized_keys_file }}"
    content: "{{ final_keys | join('\n') + '\n' }}"
    mode: "0600"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
  when: final_keys != current_keys