diff --git a/docker/bake-pies.yml b/docker/bake-pies.yml
index 7ce6576..571f37b 100755
--- a/docker/bake-pies.yml
+++ b/docker/bake-pies.yml
@@ -59,6 +59,33 @@
 line: "{{ peitho_key }}"
 when: peithokey_test.stdout == "0"
 
+ - name: Check Knox public key
+ shell: "grep -c \"{{ knox_key }}\" /home/pi/.ssh/authorized_keys || true"
+ register: knoxkey_test
+
+ - name: Add Knox public key
+ lineinfile:
+ dest: /home/pi/.ssh/authorized_keys
+ line: "{{ knox_key }}"
+ when: knoxkey_test.stdout == "0"
+
+ - name: Check Buttercup public key
+ shell: "grep -c \"{{ buttercup_key }}\" /home/pi/.ssh/authorized_keys || true"
+ register: buttercupkey_test
+
+ - name: Add Buttercup public key
+ lineinfile:
+ dest: /home/pi/.ssh/authorized_keys
+ line: "{{ buttercup_key }}"
+ when: buttercupkey_test.stdout == "0"
+
+ - name: Update the sshd config file to disable password logins
+ replace:
+ path: /etc/ssh/sshd_config
+ regexp: '(\s+)#PasswordAuthentication yes(\s+.*)?$'
+ replace: "\\1PasswordAuthentication no\\2"
+ backup: yes
+
 - name: Check if .ssh config file exists
 stat:
 path: /home/pi/.ssh/config
@@ -93,7 +120,6 @@
 become: yes
 become_user: pi
 shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
-# shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "$(whoami)@$(hostname) $(date '+%Y.%m.%d')" -N ""
 
 - name: Install Docker
 shell: curl -sSL https://get.docker.com | sh
@@ -136,7 +162,7 @@
 state: started
 name: knox-redis-tunnel
 
- - name: install knox-redis-tunnel systemd unit file
+ - name: install gotthard systemd unit file
 template:
 src: "files/gotthard.service"
 dest: "/etc/systemd/system/gotthard.service"
diff --git a/docker/vars/pies.yml b/docker/vars/pies.yml
index 4d3b186..09312d7 100644
--- a/docker/vars/pies.yml
+++ b/docker/vars/pies.yml
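Review bot: In docker/bake-pies.yml's first hunk, the `Update the sshd config file to disable password logins` task can be a silent no-op: its `regexp` only matches the commented default `#PasswordAuthentication yes` preceded by whitespace, so a host whose sshd_config already has an active `PasswordAuthentication yes` keeps accepting passwords while the play reports success. Matching the directive in both its commented and active form, and validating the file before it is written, as sketched below, closes that gap. No sshd reload is visible in the hunk, so unless a handler exists elsewhere the running daemon keeps the old setting until it is restarted. Separately, the Knox and Buttercup `grep -c` check tasks template the key into a shell string and duplicate the idempotence `lineinfile` already provides; the `authorized_key` module would replace each check/add pair.

```yaml
    - name: Update the sshd config file to disable password logins
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PasswordAuthentication\s'
        line: 'PasswordAuthentication no'
        validate: '/usr/sbin/sshd -t -f %s'
        backup: yes
```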
@@ -1,4 +1,6 @@
 ---
-hostname: "chd3"
-ssh_port: "22447"
+hostname: "pkl3"
+ssh_port: "22243"
 peitho_key: "ssh-rsa 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 2020.05.26 peitho"
+knox_key: "ssh-rsa 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 tanshu@knox 2020.12.07"
+buttercup_key: "ssh-rsa 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 tanshu@buttercup 2020.05.26"