From 3662dea93870e19e37ba97cdba2d19edda26f758 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <tschneider@asta.rwth-aachen.de>
Date: Mon, 31 Aug 2020 15:48:14 +0200
Subject: [PATCH] =?UTF-8?q?ssh-server:=20Use=20Proxmox=E2=80=99=20authoriz?=
 =?UTF-8?q?ed=5Fkeys=20files=20iff=20available?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ssh-server/tasks/main.yml | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml
index 60232a1..5ea696c 100644
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -79,12 +79,30 @@
     - ssh
     - root
 
+- name: Check for Proxmox SSH keys
+  stat:
+    path: /etc/pve/priv/authorized_keys
+  register: pve_ssh_present
+  tags:
+    - ssh
+    - root
+
 # filename syntax: name.pub or name+dest_host_1,...,dest_host_n.pub
 - name: ensure our and only our keys are authorized for root
   assemble:
-    dest: /root/.ssh/authorized_keys
+    dest: >-
+      {% if pve_ssh_present.stat.exists -%}
+      /etc/pve/priv/authorized_keys
+      {%- else -%}
+      /root/.ssh/authorized_keys
+      {%- endif %}
     owner: root
-    group: root
+    group: >-
+      {% if pve_ssh_present.stat.exists -%}
+      www-data
+      {%- else -%}
+      root
+      {%- endif %}
     mode: '0600'
     remote_src: false
     src: "{{ ssh_authorized_keys }}"
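Review bot: The assemble task's new `dest:` writes the assembled key set over /etc/pve/priv/authorized_keys, and the task name promises "our and only our keys"; if Proxmox itself maintains entries in that file (the cluster's node-to-node SSH keys are commonly kept there), every run of this role would strip them and could break inter-node SSH, so confirm that on a clustered host before merging. `mode: '0600'` and `group: www-data` are also applied to a path under /etc/pve, which is a FUSE-backed filesystem whose ownership and modes are fixed by pmxcfs, so those settings may be rejected or silently ignored there; verify the task is idempotent on a Proxmox host. The stat in the first part of the hunk only tests the file, so a Proxmox node where that file does not yet exist falls back to /root/.ssh/authorized_keys, which may or may not be intended. As a matter of style, the two Jinja block scalars are hard to read; the inline conditional `dest: "{{ '/etc/pve/priv/authorized_keys' if pve_ssh_present.stat.exists else '/root/.ssh/authorized_keys' }}"` (and likewise for `group`) expresses the same choice on one line.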
@@ -95,6 +113,16 @@
     - ssh
     - root
 
+- name: Ensure Proxmox distributes the SSH keys
+  file:
+    path: /root/.ssh/authorized_keys
+    src: /etc/pve/priv/authorized_keys
+    state: link
+  when: pve_ssh_present.stat.exists
+  tags:
+    - ssh
+    - root
+
 - name: ensure we fail2ban bad people
   apt:
     name: fail2ban
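Review bot: The new `file:` task with `state: link` at `path: /root/.ssh/authorized_keys` will fail on any host that already ran this role, because the assemble task previously left a regular file at that path and the file module refuses to replace a regular file with a symlink unless `force: true` is set; add `force: true` to the task (or remove the old file in a preceding task). The symlink also makes root's authorized keys depend on /etc/pve being mounted: if pmxcfs is unavailable, the link dangles and root SSH login stops working, which is a recovery-time trade-off worth recording on the task, e.g. `# root login follows the cluster-wide key file; unavailable while /etc/pve is unmounted`.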
-- 
GitLab