dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

all: Set root authorized keys 

The `root_authorized_keys` variable was originally defined only for the
*pyrocufflink* group.  This used to effectively be "all" machines, since
everything was a member of the AD domain.  Now that we're moving away
from that deployment model, we still want to have the break-glass
option, so we need to define the authorized keys for the _all_ group.
unifi-restore
Dustin 2025-02-05 21:49:26 -06:00
parent d916545e29
commit e9d6020563
2 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
group_vars/all.yml
View File

@ -1,6 +1,16 @@
ansible_become_method: community.general.doas ansible_become_method: community.general.doas
ansible_become_password: unused ansible_become_password: unused
root_authorized_keys: |
{% if ansible_distribution == "Fedora" and ansible_distribution_version|int >= 34 %}
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyrocufflink.blue
{% else %}
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsL5fSylmiJmBtW0DH/viAAmtU2E/2M17GPvysiyRs+ dustin@rosalina
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBw1T18jnBfR5reKAACOs/LMcs+jbclj6Eh8z56kJE7+ dustin@luma
{% endif %}
managed_users: managed_users:
- name: dustin - name: dustin
comment: Dustin C. Hatch comment: Dustin C. Hatch

9
group_vars/pyrocufflink/main.yml
View File

@ -7,13 +7,4 @@ pam_winbind: true
nss_winbind: true nss_winbind: true
pam_mkhomedir: true pam_mkhomedir: true
root_authorized_keys: |
{% if ansible_distribution == "Fedora" and ansible_distribution_version|int >= 34 %}
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAB6xTCSNz+AcQCWcyVKs84tThXN4wpLgCo2Lc48L6EsAAAABHNzaDo= dustin@luma.pyrocufflink.blue
{% else %}
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsL5fSylmiJmBtW0DH/viAAmtU2E/2M17GPvysiyRs+ dustin@rosalina
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBw1T18jnBfR5reKAACOs/LMcs+jbclj6Eh8z56kJE7+ dustin@luma
{% endif %}
fileserver_sftp_only_match: 'Group !server?admins,*' fileserver_sftp_only_match: 'Group !server?admins,*'