rotate ansibe-user ssh key (#544)
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #544
parent
8e9465e0b9
commit
ce813a881b
7 changed files with 11 additions and 7 deletions
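--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,9 @@
 vault-pass.yml
 id_rsa_ansible_user
 id_rsa_ansible_user_pub
+id_rsa_ansible_user.pub
 plugins/lookup/__pycache__/**
 plugins/callback/__pycache__/
 trace/**json
+id_ed25519
+id_ed25519.pub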
||||||
|
|
|
@ -5,7 +5,7 @@ retry_files_enabled = False
|
||||||
roles_path = ./roles
|
roles_path = ./roles
|
||||||
lookup_plugins = ./plugins/lookup
|
lookup_plugins = ./plugins/lookup
|
||||||
collections_paths = ./ansible_collections
|
collections_paths = ./ansible_collections
|
||||||
private_key_file = ./id_rsa_ansible_user
|
private_key_file = ./id_ed25519
|
||||||
vault_password_file = vault-pass.yml
|
vault_password_file = vault-pass.yml
|
||||||
gathering = smart
|
gathering = smart
|
||||||
#display_ok_hosts = no # zeigt nur noch changed und error tasks/hosts an
|
#display_ok_hosts = no # zeigt nur noch changed und error tasks/hosts an
|
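Review bot: `private_key_file = ./id_ed25519` keeps the controller's private key inside the repository checkout, so the only thing preventing it from being committed is the matching ignore entry. The vars changed by the same commit give this account passwordless sudo, so consider pointing the setting at a path outside the working tree, for example `private_key_file = ~/.ssh/id_ed25519` (path constructed for illustration), or loading the key through ssh-agent and dropping the setting. Whether the key file is passphrase-protected is not visible here; if it is not, its file mode is worth checking.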
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
update_password: on_create
|
update_password: on_create
|
||||||
groups: ssh, sudo
|
groups: ssh, sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
### mgrote.munin-node
|
### mgrote.munin-node
|
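Review bot: The new `public_ssh_key` value is pasted literally here, again in the three other vars sections of this commit, and in the `ansible.posix.authorized_key` task. The next rotation therefore has to touch five places, and a missed one leaves a stale key authorised for an account with `allow_passwordless_sudo: true`. Defining the key once in a shared variable and referencing it, e.g. `public_ssh_key: "{{ ansible_user_public_key }}"` (variable name constructed for illustration), would make rotation a one-line change. The key comment `mg@irantu` reads like a personal workstation key rather than one generated for the automation account; if so, a dedicated key pair would keep personal and automation access separately revocable. The mapping this line belongs to starts outside the hunk.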
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
update_password: on_create
|
update_password: on_create
|
||||||
groups: ssh, sudo
|
groups: ssh, sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
### geerlingguy.docker
|
### geerlingguy.docker
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
update_password: on_create
|
update_password: on_create
|
||||||
groups: ssh, sudo
|
groups: ssh, sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
|
|
||||||
|
|
|
@ -23,9 +23,10 @@
|
||||||
update_password: on_create
|
update_password: on_create
|
||||||
groups: ssh, sudo
|
groups: ssh, sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
|
|
||||||
### mgrote.apt_manage_packages
|
### mgrote.apt_manage_packages
|
||||||
apt_packages_extra:
|
apt_packages_extra:
|
||||||
- ifupdown2
|
- ifupdown2
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- name: Set authorized key taken from file
|
- name: Set authorized key taken from file
|
||||||
become: yes
|
become: yes
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: mg
|
user: ansible-user
|
||||||
state: present
|
state: present
|
||||||
key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3
|
key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
exclusive: true #entferne alle keys bis auf diesen
|
exclusive: true #entferne alle keys bis auf diesen
|
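Review bot: With `exclusive: true`, switching `user:` to `ansible-user` removes every other key from that account in the same run, including the old RSA key, so a mismatch between this public key and the controller's private key would lock Ansible out of the hosts. It is worth confirming a login with the new key before the run, or adding the key without `exclusive` first and pruning in a second pass. The task also no longer manages the `mg` account, so the previously deployed `heimserver_mg_v3` key presumably stays in that user's authorized_keys unless it is removed elsewhere. A comment above the task such as `# rotation: ansible-user keeps only the ed25519 key; the mg account is handled elsewhere` would record the intent. The play this task belongs to starts outside the hunk.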
||||||
|
|