From 0a8b1bfa6ed76105a0d334983cb229c75ab16b33 Mon Sep 17 00:00:00 2001
From: Joshua Boniface
Date: Wed, 18 May 2022 14:42:45 -0400
Subject: [PATCH] Add method to remove inactive SSH keys

---
 group_vars/default/base.yml | 2 ++
 roles/base/tasks/main.yml | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/group_vars/default/base.yml b/group_vars/default/base.yml
index ac69a0e..859d876 100644
--- a/group_vars/default/base.yml
+++ b/group_vars/default/base.yml
@@ -110,6 +110,8 @@ admin_users:
 uid: 500
 keys:
 - "ssh-ed25519 MyKey 2019-06"
+ removed:
+ - "ssh-ed25519 ObsoleteKey 2017-01"
 
 # Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync)
 # > Uncomment to activate this functionality.
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 932d641..87c92e1 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -838,6 +838,7 @@
 authorized_key:
 user: "{{ deploy_username }}"
 key: "{{ item.1 }}"
+ state: present
 with_subelements:
 - "{{ admin_users }}"
 - keys
@@ -845,6 +846,18 @@
 - users
 - user-deploy
 
+- name: remove authorized keys
+ authorized_key:
+ user: "{{ deploy_username }}"
+ key: "{{ item.1 }}"
+ state: absent
+ with_subelements:
+ - "{{ admin_users }}"
+ - removed
+ tags:
+ - users
+ - user-deploy
+
 # admin_users
 - name: ensure user exists
 user:
@@ -890,6 +903,7 @@
 authorized_key:
 user: "{{ item.0.name }}"
 key: "{{ item.1 }}"
+ state: present
 with_subelements:
 - "{{ admin_users }}"
 - keys
@@ -897,6 +911,18 @@
 - users
 - user-admin
 
+- name: remove authorized keys
+ authorized_key:
+ user: "{{ item.0.name }}"
+ key: "{{ item.1 }}"
+ state: absent
+ with_subelements:
+ - "{{ admin_users }}"
+ - removed
+ tags:
+ - users
+ - user-deploy
+
 - name: write bashrc to homedir
 template:
 src: var/home/user/bashrc.j2
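Review bot: The new `removed:` key on the sample admin user is undocumented, and it is now effectively mandatory: the removal tasks added in roles/base/tasks/main.yml iterate it with `with_subelements`, which, as far as I recall, fails the play for any admin_users entry that lacks the key unless those tasks set `skip_missing: true`. A comment above the key would spare the next operator a failed run, e.g. `# Keys to revoke from this user's authorized_keys on the next run; every entry needs this key (use [] when there is nothing to revoke)`. It is also worth stating that a key merely deleted from `keys:` stays authorized, since nothing in the role is `exclusive`, so revocation only happens through this list.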
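Review bot: The new "remove authorized keys" task for the deploy user iterates `removed` with `with_subelements` but does not set `skip_missing`, so an admin_users entry without a `removed` key should (to my recollection of the lookup's behaviour) abort the task rather than be skipped; adding `skip_missing: true` as a third list item under `with_subelements:` keeps the play running for users that have nothing to revoke. Separately, because the add task above is not `exclusive`, a key that an operator simply drops from `keys:` remains in the deploy user's authorized_keys, so revocation only ever happens via `removed`; a short comment on the task saying so would make the operational contract clear. The matching of `item.1` against existing lines is left to the authorized_key module, which I believe compares key type and material rather than the trailing comment, but that is worth confirming before relying on it for revocation.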
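Review bot: The per-admin-user "remove authorized keys" task is tagged `user-deploy`, while the surrounding admin-user tasks (including the add-keys task whose `- user-admin` tag is visible as context in this hunk) are tagged `user-admin`. A run with `--tags user-admin` would therefore add keys but never revoke the ones listed in `removed`, leaving an obsolete key authorized on every admin account, which is the opposite of what a key-rotation task should do; the tag should read `- user-admin`. As with the deploy-user task, `with_subelements` over `removed` also wants `skip_missing: true` so entries without the key do not fail the play.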