From fba0ddd348235ff9fd835b84a3247fe76325dae1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?=
Date: Mon, 21 Oct 2024 13:57:47 +0200
Subject: [PATCH] Refs #8013: Playbook Claves ssh - authorized_keys2 added with users list. Split ssh task, generate keys & configure.
---
 roles/debian-base/tasks/main.yml | 4 ++--
 roles/debian-base/tasks/sshd_configure.yml | 17 +++++++++++++++++
 roles/debian-guest/handlers/main.yml | 4 ++++
 roles/debian-guest/tasks/main.yml | 2 ++
 .../ssh.yml => debian-guest/tasks/ssh_keys.yml} | 12 +-----------
 5 files changed, 26 insertions(+), 13 deletions(-)
 create mode 100644 roles/debian-base/tasks/sshd_configure.yml
 rename roles/{debian-base/tasks/ssh.yml => debian-guest/tasks/ssh_keys.yml} (67%)
diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml
index ccb64ce..dcd5f94 100644
--- a/roles/debian-base/tasks/main.yml
+++ b/roles/debian-base/tasks/main.yml
@@ -6,8 +6,8 @@
 tags: resolv
 - import_tasks: timesync.yml
 tags: timesync
-- import_tasks: ssh.yml
- tags: ssh
+- import_tasks: sshd_configure.yml
+ tags: sshd_configure
 - import_tasks: defuser.yml
 tags: defuser
 - import_tasks: install.yml
diff --git a/roles/debian-base/tasks/sshd_configure.yml b/roles/debian-base/tasks/sshd_configure.yml
new file mode 100644
index 0000000..6c6b19d
--- /dev/null
+++ b/roles/debian-base/tasks/sshd_configure.yml
@@ -0,0 +1,17 @@
+- name: Configure sshd_config settings
+ copy:
+ dest: /etc/ssh/sshd_config.d/vn-listenipv4.conf
+ content: |
+ # Do not edit this file! Ansible will overwrite it.
+ ListenAddress 0.0.0.0
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart sshd
+- name: Deploy custom authorized_keys for root
+ copy:
+ dest: /root/.ssh/authorized_keys2
+ content: "{{ public_keys }}"
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
diff --git a/roles/debian-guest/handlers/main.yml b/roles/debian-guest/handlers/main.yml
index 2da7a1c..dd3e923 100644
--- a/roles/debian-guest/handlers/main.yml
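Review bot: The new `Deploy custom authorized_keys for root` task in roles/debian-base/tasks/sshd_configure.yml writes `/root/.ssh/authorized_keys2` without first ensuring that `/root/.ssh` exists with owner root and mode 0700; Ansible's `copy` does not create the parent directory, so the task fails on a host where root has no `.ssh` yet, and elsewhere the directory permissions stay unmanaged. A `file` task with `state: directory` ahead of it, as sketched below, covers both. The commit subject calls `public_keys` a users list; if it really is a YAML list (its definition is not visible here), `content: "{{ public_keys }}"` would write the list's string form rather than one key per line, so something like `content: "{{ public_keys | join('\n') }}\n"` may be needed. The file is only honoured while sshd's `AuthorizedKeysFile` still includes `.ssh/authorized_keys2`, and keys already present in `/root/.ssh/authorized_keys` are untouched by this task, so removing someone from `public_keys` does not by itself revoke their root access.

```yaml
- name: Ensure /root/.ssh exists
  file:
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    mode: u=rwx,g=,o=
# … unchanged: "Deploy custom authorized_keys for root" copy task …
```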
+++ b/roles/debian-guest/handlers/main.yml
@@ -2,3 +2,7 @@
 service:
 name: nslcd
 state: restarted
+- name: restart-ssh
+ systemd:
+ name: ssh
+ state: restarted
diff --git a/roles/debian-guest/tasks/main.yml b/roles/debian-guest/tasks/main.yml
index 44edaef..bb9b76f 100644
--- a/roles/debian-guest/tasks/main.yml
+++ b/roles/debian-guest/tasks/main.yml
@@ -2,3 +2,5 @@
 tags: auth
 - import_tasks: sudoers.yml
 tags: sudoers
+- import_tasks: ssh_keys.yml
+ tags: ssh_keys
\ No newline at end of file
diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-guest/tasks/ssh_keys.yml
similarity index 67%
rename from roles/debian-base/tasks/ssh.yml
rename to roles/debian-guest/tasks/ssh_keys.yml
index 580eeea..0fd4c6f 100644
--- a/roles/debian-base/tasks/ssh.yml
+++ b/roles/debian-guest/tasks/ssh_keys.yml
@@ -18,14 +18,4 @@
 path: /etc/vn.ini
 section: witness
 option: ssh_keys_generated
- value: true
-- name: Configure sshd_config settings
- copy:
- dest: /etc/ssh/sshd_config.d/vn-listenipv4.conf
- content: |
- # Do not edit this file! Ansible will overwrite it.
- ListenAddress 0.0.0.0
- owner: root
- group: root
- mode: u=rw,g=r,o=r
- notify: restart sshd
+ value: true
\ No newline at end of file
--
2.40.1
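Review bot: The `restart-ssh` handler added to roles/debian-guest/handlers/main.yml is not notified by anything in this patch: the sshd_config task in roles/debian-base/tasks/sshd_configure.yml uses `notify: restart sshd`, and Ansible matches handler names exactly. If a `restart sshd` handler is defined elsewhere (not visible here), the new handler is dead code; if it is not, the notify cannot resolve and the `ListenAddress` drop-in never takes effect on the running daemon. Settle on one name, for example `notify: restart-ssh` in the task, and define the handler in the role that notifies it so debian-base does not depend on debian-guest being in the play.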