diff --git a/roles/preinstall_config/README.md b/roles/preinstall_config/README.md
index c4940a1..d176ee9 100644
--- a/roles/preinstall_config/README.md
+++ b/roles/preinstall_config/README.md
@@ -35,6 +35,12 @@ home_assistant_user: homeassistant
 # When set to true, set the ipv4 address in /etc/hosts
 # When set to false, 127.0.1.1 will be set in /etc/hosts
 has_reserved_ip: false
+
+# Use this option when you want full control over creating SSH keys and
+# configuring them for uses with Ansible.
+# When set to true, the role will not attempt to create SSH keys
+# or add existing keys to home_assistant_user's authorized keys.
+preinstall_config_leave_my_keys_alone: false
 ```
 Dependencies
diff --git a/roles/preinstall_config/defaults/main.yml b/roles/preinstall_config/defaults/main.yml
index d7a10bd..89200bd 100644
--- a/roles/preinstall_config/defaults/main.yml
+++ b/roles/preinstall_config/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 home_assistant_user: homeassistant
-has_reserved_ip: false
\ No newline at end of file
+has_reserved_ip: false
+preinstall_config_leave_my_keys_alone: false
diff --git a/roles/preinstall_config/tasks/main.yml b/roles/preinstall_config/tasks/main.yml
index 27c95bf..c9bf9ff 100644
--- a/roles/preinstall_config/tasks/main.yml
+++ b/roles/preinstall_config/tasks/main.yml
@@ -30,66 +30,9 @@
       - sudo
     append: yes
-- name: Ensure ssh directory exists for current user on the control machine
-  file:
-    path: "{{ lookup('env','HOME') + '/.ssh' }}"
-    mode: "0700"
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Check if controller SSH private key exists
-  stat:
-    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
-  register: existing_ssh_key
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Check if controller SSH public key available
-  stat:
-    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub' }}"
-  register: existing_ssh_pubkey
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Backup existing SSH private key if we need new keys
-  copy:
-    src: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
-    dest: "{{ lookup('env','HOME') + '/.ssh/id_rsa.bak' }}"
-    backup: yes
-    mode: '0600'
-  when: existing_ssh_key.stat.exists and not existing_ssh_pubkey.stat.exists
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Backup existing SSH pub key if we need new keys
-  copy:
-    src: "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub' }}"
-    dest: "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub.bak' }}"
-    backup: yes
-    mode: '0600'
-  when: not existing_ssh_key.stat.exists and existing_ssh_pubkey.stat.exists
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Create SSH key pair on the control machine to connect using home assistant user
-  openssh_keypair:
-    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
-    comment: "homeassistant"
-  when: not existing_ssh_pubkey.stat.exists or not existing_ssh_key.stat.exists
-  become: no
-  delegate_to: localhost
-  run_once: true
-
-- name: Add public key to home assistant user authorized keys
-  authorized_key:
-    user: "{{ home_assistant_user }}"
-    state: present
-    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"
+- name: Import ssh key tasks
+  ansible.builtin.import_tasks: ssh_keys.yml
+  when: not preinstall_config_leave_my_keys_alone | bool
 - name: Enable passwordless sudo
   lineinfile:
diff --git a/roles/preinstall_config/tasks/ssh_keys.yml b/roles/preinstall_config/tasks/ssh_keys.yml
new file mode 100644
index 0000000..4700c33
--- /dev/null
+++ b/roles/preinstall_config/tasks/ssh_keys.yml
@@ -0,0 +1,51 @@
+- name: Ensure ssh directory exists for current user on the control machine
+  file:
+    path: "{{ lookup('env','HOME') + '/.ssh' }}"
+    mode: "0700"
+  become: no
+  delegate_to: localhost
+  run_once: true
+
+- name: Check if SSH keypair already exists
+  stat:
+    path: "{{ key_file }}"
+  register: existing_ssh_key
+  become: no
+  delegate_to: localhost
+  run_once: true
+  loop:
+    - "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
+    - "{{ lookup('env','HOME') + '/.ssh/id_rsa.pub' }}"
+  loop_control:
+    loop_var: key_file
+
+- name: Backup existing SSH private key if we need new keys
+  copy:
+    src: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
+    dest: "{{ lookup('env','HOME') + '/.ssh/id_rsa.bak' }}"
+    backup: yes
+    mode: '0600'
+  loop: "{{ existing_ssh_key.results }}"
+  loop_control:
+    loop_var: key_file
+  when: key_file.stat.exists|bool
+  become: no
+  delegate_to: localhost
+  run_once: true
+
+- name: Create SSH key pair on the control machine to connect using home assistant user
+  openssh_keypair:
+    path: "{{ lookup('env','HOME') + '/.ssh/id_rsa' }}"
+    comment: "homeassistant"
+  when: >-
+    not existing_ssh_key.results[0].stat.exists | bool
+    or not existing_ssh_key.results[1].stat.exists | bool
+  become: no
+  delegate_to: localhost
+  run_once: true
+
+- name: Add public key to home assistant user authorized keys
+  authorized_key:
+    user: "{{ home_assistant_user }}"
+    state: present
+    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"
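Review bot: `ansible.builtin.import_tasks` is the only fully qualified module name in this role; the `lineinfile:` context line just below it and every module in the new ssh_keys.yml (`file`, `stat`, `copy`, `openssh_keypair`, `authorized_key`) use short names, so pick one convention. If FQCNs are the target, note that `openssh_keypair` and `authorized_key` resolve through collection redirects on current Ansible (`community.crypto.openssh_keypair`, `ansible.posix.authorized_key`), which is worth stating so the role's collection requirements are explicit. The guard itself behaves as intended: a `when` on a static import is attached to each imported task, so every task in ssh_keys.yml is skipped when the flag is set, and nothing outside that file reads `existing_ssh_key`. A short comment on the import, `# SSH key handling is opt-out; see preinstall_config_leave_my_keys_alone in defaults/main.yml`, would make that visible to readers of main.yml. The enclosing task list continues outside the hunk.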
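Review bot: The "Backup existing SSH private key if we need new keys" task loops over both `existing_ssh_key.results` entries but hard-codes `src`/`dest` to `id_rsa`/`id_rsa.bak`, so the public key is never backed up (the removed "Backup existing SSH pub key" task has no replacement), and in the one situation the task exists for, `id_rsa.pub` present but `id_rsa` missing, the `copy` fails because its `src` does not exist. The `when` has also lost the "only when we need new keys" half of the old condition, so with both files present every run rewrites `id_rsa.bak` and, through `backup: yes`, accumulates timestamped copies of the private key on the controller. Derive the paths from the loop item (Ansible stores it in each registered result under the loop_var name) and gate the backup on the same condition that triggers `openssh_keypair`; a comment such as `# results[0] is id_rsa, results[1] is id_rsa.pub, matching the stat loop order` on that task's `when` would also make the index-based condition safer to maintain. The file should additionally start with `---` like defaults/main.yml.

```yaml
- name: Backup existing SSH key files if we need new keys
  copy:
    src: "{{ key_file.key_file }}"
    dest: "{{ key_file.key_file }}.bak"
    # … unchanged: backup, mode …
  # … unchanged: loop, loop_control …
  when: >-
    key_file.stat.exists | bool
    and (not existing_ssh_key.results[0].stat.exists | bool
         or not existing_ssh_key.results[1].stat.exists | bool)
  # … unchanged: become, delegate_to, run_once …
```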