From 50d5c7d634efec613dc8927d6316dfe7c32e5b4a Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Wed, 24 Jun 2015 18:03:43 +0159
Subject: [PATCH] add key removal facility

---
 common/files/keys-removed/.empty |  0
 common/tasks/sshd.yml            | 18 +++++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 common/files/keys-removed/.empty

diff --git a/common/files/keys-removed/.empty b/common/files/keys-removed/.empty
new file mode 100644
index 0000000..e69de29
diff --git a/common/tasks/sshd.yml b/common/tasks/sshd.yml
index ab8f25a..933e409 100644
--- a/common/tasks/sshd.yml
+++ b/common/tasks/sshd.yml
@@ -4,7 +4,7 @@
 - name: ensure sshd is installed
   apt:  name=openssh-server state=latest
   tags:
-    - sshd
+    - ssh
     - packages 
 
 - name: ensure sshd configured
@@ -12,7 +12,7 @@
   notify:
     - restart sshd
   tags:
-    - sshd
+    - ssh
     - config
 
 - name: ensure home dir creation on first login
@@ -20,13 +20,13 @@
   notify:
     - restart sshd
   tags:
-    - sshd
+    - ssh
     - config
 
 - name: ensure sshd is running and enabled
   service: name=ssh state=running enabled=yes
   tags:
-    - sshd
+    - ssh
     - service
 
 - name: ensure every ssh-key is installed
@@ -34,5 +34,13 @@
   with_fileglob:
     - keys/*.pub
   tags:
-    - sshd
+    - ssh
+    - root
+
+- name: ensure old ssh-keys are removed
+  authorized_key: user=root key="{{ lookup('file', item) }}" state=absent
+  with_fileglob:
+    - keys-removed/*.pub
+  tags:
+    - ssh
     - root
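Review bot: A public key that appears in both `keys/*.pub` and `keys-removed/*.pub` is installed by the preceding task and then stripped again by the new `state=absent` task on every run, because the new task is appended after the install task and Ansible runs tasks in file order; the commit does not guard against that overlap, so a comment such as `# runs after the install task: a key present in both directories ends up removed` above `- name: ensure old ssh-keys are removed` would at least make the precedence explicit to whoever maintains the two directories. The new task also passes module arguments as a `key=value` string, where the native block form is the Ansible convention and avoids the nested quoting around the lookup: `authorized_key:` / `user: root` / `key: "{{ lookup('file', item) }}"` / `state: absent` on separate lines. The install task in this hunk presumably uses the same string style (its `authorized_key:` line is outside the hunk), so converting both together keeps the file consistent.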
-- 
GitLab