Added the public keys of knox and buttercup as well

Disabled password logins to harden the system

docker/bake-pies.yml

@@ -59,6 +59,33 @@
         line: "{{ peitho_key }}"
       when: peithokey_test.stdout == "0"
 
+    - name: Check Knox public key
+      shell: "grep -c \"{{ knox_key }}\" /home/pi/.ssh/authorized_keys || true"
+      register: knoxkey_test
+
+    - name: Add Knox public key
+      lineinfile:
+        dest: /home/pi/.ssh/authorized_keys
+        line: "{{ knox_key }}"
+      when: knoxkey_test.stdout == "0"
+
+    - name: Check Buttercup public key
+      shell: "grep -c \"{{ buttercup_key }}\" /home/pi/.ssh/authorized_keys || true"
+      register: buttercupkey_test
+
+    - name: Add Buttercup public key
+      lineinfile:
+        dest: /home/pi/.ssh/authorized_keys
+        line: "{{ buttercup_key }}"
+      when: buttercupkey_test.stdout == "0"
+
+    - name: Update the sshd config file to disable password logins
+      replace:
+        path: /etc/ssh/sshd_config
+        regexp: '(\s+)#PasswordAuthentication yes(\s+.*)?$'
+        replace: "\\1PasswordAuthentication no\\2"
+        backup: yes
+
     - name: Check if .ssh config file exists
       stat:
         path: /home/pi/.ssh/config
@@ -93,7 +120,6 @@
       become: yes
       become_user: pi
       shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
-#      shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "$(whoami)@$(hostname) $(date '+%Y.%m.%d')" -N ""
 
     - name: Install Docker
       shell: curl -sSL https://get.docker.com | sh
@@ -136,7 +162,7 @@
         state: started
         name: knox-redis-tunnel
 
-    - name: install knox-redis-tunnel systemd unit file
+    - name: install gotthard systemd unit file
       template:
         src: "files/gotthard.service"
         dest: "/etc/systemd/system/gotthard.service"