author Matthew Fennell <matthew@fennell.dev> 2024-03-03 13:28:32 +0000
committer Matthew Fennell <matthew@fennell.dev> 2024-03-03 13:28:32 +0000
commit 9cd901b9bdac1b96911cf3df79207c59e909de94 (patch)
tree ce7854a3ce59c1db23e54e0b8e03d7101238d485
parent b70fffe0fefe3b50161f95980b793b1bc8219727 (diff)
Do not delete public keys from root account
The playbook initially deleted the public keys from root's authorized_keys after copying them to admin, but this prevents the playbook from running the "Ensure admin account is created" commands in subsequent runs. Therefore, we shouldn't delete them. In the long term, I would like to find a way to only attempt to run the root commands if it's not possible to ssh as admin. This is as I don't like the idea of root having direct ssh access.
-rw-r--r-- playbook.yaml 6
1 files changed, 0 insertions, 6 deletions
diff --git a/playbook.yaml b/playbook.yaml
index b972331..c4901ad 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -51,12 +51,6 @@
group: admin
mode: preserve
- - name: Remove authorised keys from root account
- remote_user: root
- ansible.builtin.file:
- path: /root/.ssh/authorized_keys
- state: absent
-
# We allow status code 400 here as this is returned by deSEC if the domain
# already exists. Ideally, we should filter out genuinely good/bad requests
# here using the response.
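Review bot: With the "Remove authorised keys from root account" task deleted, nothing in this hunk records that /root/.ssh/authorized_keys is now left in place on purpose, so every key copied to admin also keeps direct root SSH access after each run. Please leave a comment at the point where the task was removed stating that root's keys are retained deliberately so the root-run tasks can execute on later runs, and that this is meant to be temporary. It would also help to track the follow-up from the commit message (only use remote_user: root when logging in as admin fails) as a TODO next to that comment, so the retained root access does not become permanent by default.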