feat(preinstall_config): Add preinstall_config_leave_my_keys_alone …

…to allow for user's to completely mange SSH keys
jhampson-dbre · Jun 27, 2022 · 4d57f46 · 4d57f46
1 parent e019926
commit 4d57f46
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 61 deletions.
diff --git a/roles/preinstall_config/README.md b/roles/preinstall_config/README.md
@@ -35,6 +35,12 @@ home_assistant_user: homeassistant
 # When set to true, set the ipv4 address in /etc/hosts
 # When set to false, 127.0.1.1 will be set in /etc/hosts
 has_reserved_ip: false
+
+# Use this option when you want full control over creating SSH keys and
+# configuring them for uses with Ansible.
+# When set to true, the role will not attempt to create SSH keys
+# or add existing keys to home_assistant_user's authorized keys.
+preinstall_config_leave_my_keys_alone: false
 ```
 
 Dependencies

diff --git a/roles/preinstall_config/defaults/main.yml b/roles/preinstall_config/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 home_assistant_user: homeassistant
-has_reserved_ip: false
+has_reserved_ip: false
+preinstall_config_leave_my_keys_alone: false
diff --git a/roles/preinstall_config/tasks/main.yml b/roles/preinstall_config/tasks/main.yml
@@ -30,66 +30,9 @@
       - sudo
     append: yes
 
-- name: Ensure ssh directory exists for current user on the control machine
-  file:
-    path: "{{ lookup('env','HOME') + '/.ssh' }}"
-    mode: "0700"
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Check if controller SSH private key exists
-  stat:
-    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
-  register: existing_ssh_key
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Check if controller SSH public key available
-  stat:
-    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub' }}"
-  register: existing_ssh_pubkey
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Backup existing SSH private key if we need new keys
-  copy:
-    src: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
-    dest: "{{ lookup('env','HOME') + '/.ssh/id_rsa.bak' }}"
-    backup: yes
-    mode: '0600'
-  when: existing_ssh_key.stat.exists and not existing_ssh_pubkey.stat.exists
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Backup existing SSH pub key if we need new keys
-  copy:
-    src: "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub' }}"
-    dest: "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub.bak' }}"
-    backup: yes
-    mode: '0600'
-  when: not existing_ssh_key.stat.exists and existing_ssh_pubkey.stat.exists
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Create SSH key pair on the control machine to connect using home assistant user
-  openssh_keypair:
-    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
-    comment: "homeassistant"
-  when: not existing_ssh_pubkey.stat.exists or not existing_ssh_key.stat.exists
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Add public key to home assistant user authorized keys
-  authorized_key:
-    user: "{{ home_assistant_user }}"
-    state: present
-    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"
+- name: Import ssh key tasks
+  ansible.builtin.import_tasks: ssh_keys.yml
+  when: not preinstall_config_leave_my_keys_alone | bool
 
 - name: Enable passwordless sudo
   lineinfile:

diff --git a/roles/preinstall_config/tasks/ssh_keys.yml b/roles/preinstall_config/tasks/ssh_keys.yml
@@ -0,0 +1,51 @@
+- name: Ensure ssh directory exists for current user on the control machine
+  file:
+    path: "{{ lookup('env','HOME') + '/.ssh' }}"
+    mode: "0700"
+  become: no
+  delegate_to: localhost
+  run_once: true
+
+- name: Check if SSH keypair already exists
+  stat:
+    path: "{{ key_file }}"
+  register: existing_ssh_key
+  become: no
+  delegate_to: localhost
+  run_once: true
+  loop:
+    - "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
+    - "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub' }}"
+  loop_control:
+    loop_var: key_file
+
+- name: Backup existing SSH private key if we need new keys
+  copy:
+    src: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
+    dest: "{{ lookup('env','HOME') + '/.ssh/id_rsa.bak' }}"
+    backup: yes
+    mode: '0600'
+  loop: "{{ existing_ssh_key.results }}"
+  loop_control:
+    loop_var: key_file
+  when: key_file.stat.exists|bool
+  become: no
+  delegate_to: localhost
+  run_once: true
+
+- name: Create SSH key pair on the control machine to connect using home assistant user
+  openssh_keypair:
+    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
+    comment: "homeassistant"
+  when: >-
+    not existing_ssh_key.results[0].stat.exists | bool
+    or not existing_ssh_key.results[1].stat.exists | bool
+  become: no
+  delegate_to: localhost
+  run_once: true
+
+- name: Add public key to home assistant user authorized keys
+  authorized_key:
+    user: "{{ home_assistant_user }}"
+    state: present
+    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"