Add a role for deploying infrastructure authorized keys and use it

2023-11-11 00:23:20 +01:00 · 2023-11-11 00:23:20 +01:00 · bb95923807
parent 89f1b1b299
commit bb95923807
5 changed files with 31 additions and 0 deletions
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -55,3 +55,11 @@ all:
        keycloak:
        wiki:
        onlyoffice:
+    infrastructure_authorized_keys_hosts:
+      hosts:
+        cloud:
+        pad:
+        public-reverse-proxy:
+        keycloak:
+        wiki:
+        onlyoffice:
--- a/inventories/z9/hosts.yaml
+++ b/inventories/z9/hosts.yaml
@ -59,3 +59,11 @@ all:
    docker_compose_hosts:
      hosts:
        uptime-kuma:
+    infrastructure_authorized_keys_hosts:
+      hosts:
+        light:
+        mqtt:
+        zigbee2mqtt:
+        authoritative-dns:
+        mailserver-endpoint:
+        uptime-kuma:
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@ -7,6 +7,11 @@
  roles:
    - deploy_ssh_server_config

+- name: Ensure deployment of infrastructure authorized keys
+  hosts: infrastructure_authorized_keys_hosts
+  roles:
+    - infrastructure_authorized_keys
+
 - name: Ensure Nextcloud config
  hosts: nextcloud_hosts
  roles:
--- a/playbooks/roles/infrastructure_authorized_keys/README.md
+++ b/playbooks/roles/infrastructure_authorized_keys/README.md
@ -0,0 +1,3 @@
+# Role `infrastructure_authorized_keys`
+
+A role for deploying the infrastructure authorized keys from [this repo](https://gitlab.hamburg.ccc.de/ccchh/infrastructure-authorized-keys).
--- a/playbooks/roles/infrastructure_authorized_keys/tasks/main.yaml
+++ b/playbooks/roles/infrastructure_authorized_keys/tasks/main.yaml
@ -0,0 +1,7 @@
+- name: deploy infrastructure authorized keys
+  ansible.posix.authorized_key:
+    state: present
+    user: chaos
+    exclusive: true
+    key: https://gitlab.hamburg.ccc.de/ccchh/infrastructure-authorized-keys/-/raw/trunk/authorized_keys?ref_type=heads&inline=false
+