From 1089927be3acd4fea44cac0d5a78f01ccfafe26b Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 1 Dec 2025 09:56:34 -0600
Subject: [PATCH] all: Use vars for sk/non-sk SSH keys

Splitting up the SSH keys authorized for root login into separate variables for SK versus legacy keys will allow more fine-grained control of which set is used in certain situations. Specifically, the intent is to allow non-Fedora operating systems to use the SK variants if applicable, without having to repeat them explicitly.
---
 group_vars/all.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/group_vars/all.yml b/group_vars/all.yml
index c76dfed..48281c4 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,13 +1,19 @@
 ansible_become_method: community.general.doas
 ansible_become_password: unused
-root_authorized_keys: |
- {% if ansible_distribution == "Fedora" and ansible_distribution_version|int >= 34 %}
+dustin_ssh_keys_sk: |
 sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
 sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyrocufflink.blue
- {% else %}
+
+dustin_ssh_keys: |
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsL5fSylmiJmBtW0DH/viAAmtU2E/2M17GPvysiyRs+ dustin@rosalina
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBw1T18jnBfR5reKAACOs/LMcs+jbclj6Eh8z56kJE7+ dustin@luma
+
+root_authorized_keys: |
+ {% if ansible_distribution == "Fedora" and ansible_distribution_version|int >= 34 %}
+ {{ dustin_ssh_keys_sk }}
+ {% else %}
+ {{ dustin_ssh_keys }}
 {% endif %}
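Review bot: The two new variables carry no comment saying why there are two key sets, and the `{% else %}` branch of `root_authorized_keys` keeps the software-held `dustin_ssh_keys` as the default for every host that is not Fedora 34 or later. I would add `# FIDO2 security-key credentials; the target's sshd needs OpenSSH 8.2 or newer` above `dustin_ssh_keys_sk` and `# Legacy software-held keys, for hosts whose sshd cannot verify sk-* key types` above `dustin_ssh_keys`, so that a later override in another vars file selects the hardware-backed set deliberately. Also, `ansible_distribution_version|int` evaluates to 0 for a non-numeric version string, so such a host would silently receive the legacy keys; it is worth confirming that this is the intended fallback. The hunk header counts more context lines than are visible here, so trailing context may be cut off in this view.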