restructure repo

2024-11-22 20:25:38 +01:00
parent 5a0f229511
commit 344c9508ea
17 changed files with 184 additions and 43 deletions
--- a/roles/manage-ssh-keys/defaults/main.yml
+++ b/roles/manage-ssh-keys/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+ssh_user: "root"
+authorized_keys_file: >-
+  {{ "/root/.ssh/authorized_keys" if ssh_user == "root" else "/home/{{ ssh_user }}/.ssh/authorized_keys" }}
+
+# Liste der erwünschten (Good) Keys
+good_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/XwF0Na+YH7lRqGtwEcyIMVGTQZetNDrC9sZ8ofjC5 niklas@Linkman-PC"
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPHSP1qvaoJDwMtka6UV9aOw24cKHBOa2Eyx7JBmhEg dennis@DESKTOP-V99ARL9"
+
+# Liste der unerwünschten (Bad) Keys
+bad_keys:
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgNIBhFlWa82Q0f2EnPcpHsP5JmmGpxyWVUhfpWV3KLvNkl63aGBRZW1gEoda1P5j/ESkwHntVeen8vHjqlQ/ZB9Bs3XtWwsvtS8gfyCoRqgQVQ31T52KVT3QL8/ep0RYwG+3VbE9yvQgeELJETzpXWoyY9+RrPG1gMdArML5cO1NCizShsxNKgHe75+GjCdEe3HMUuCcfJ23JqxPqgA5HoGW1mGsbI1LnLn1fqgmywSKET5LpkKHtHjrXFtQi2NKEnZ3RNxgh60v4amvMKLsxBk1vAn40X+ZeLJwNMpMHep2IzvO67inlj9iWaY5VXjZznLXzd85zhTO3eDv+yAp9 linkman-pc-2022"
+  # - "ssh-rsa AAAAB3... badkey2"
--- a/roles/manage-ssh-keys/handlers/main.yml
+++ b/roles/manage-ssh-keys/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+  - name: Cleanup Comments
+    lineinfile:
+      path: "{{ authorized_keys_file }}"
+      state: absent
+      regexp: '^#.*$'
+
+  - name: Add Comment
+    blockinfile:
+      path: "{{ authorized_keys_file }}"
+      marker: ""
+      block: |
+        # Modified by Ansible on {{ ansible_date_time.date }} at {{ ansible_date_time.time }}
--- a/roles/manage-ssh-keys/tasks/add-goodkeys.yml
+++ b/roles/manage-ssh-keys/tasks/add-goodkeys.yml
@@ -0,0 +1,11 @@
+---
+- name: Good Keys hinzufügen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    create: yes
+    state: present
+  with_items: "{{ good_keys }}"
+  notify:
+    - Cleanup Comments
+    - Add Comment
--- a/roles/manage-ssh-keys/tasks/main.yml
+++ b/roles/manage-ssh-keys/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# Haupt-Task der Rolle: Modularer Aufbau mit Subtasks
+- name: Validiere SSH Keys
+  import_tasks: validate-authorized-keys.yml
+
+- name: Füge Good Keys hinzu
+  import_tasks: add-goodkeys.yml
+  when: good_keys
+
+- name: Entferne Bad Keys
+  import_tasks: remove-badkeys.yml
+  when: bad_keys
--- a/roles/manage-ssh-keys/tasks/remove-badkeys.yml
+++ b/roles/manage-ssh-keys/tasks/remove-badkeys.yml
@@ -0,0 +1,10 @@
+---
+- name: Bad Keys entfernen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    state: absent
+  with_items: "{{ bad_keys }}"
+  notify:
+    - Cleanup Comments
+    - Add Comment
--- a/roles/manage-ssh-keys/tasks/validate-authorized-keys.yml
+++ b/roles/manage-ssh-keys/tasks/validate-authorized-keys.yml
@@ -0,0 +1,8 @@
+---
+- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
+  file:
+    path: "{{ authorized_keys_file | dirname }}"
+    state: directory
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0700'