From 9cd901b9bdac1b96911cf3df79207c59e909de94 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Sun, 3 Mar 2024 13:28:32 +0000
Subject: Do not delete public keys from root account
The playbook initially deleted the public keys from root's authorized_keys after copying them to admin, but this prevents the playbook from running the "Ensure admin account is created" commands in subsequent runs. Therefore, we shouldn't delete them. In the long term, I would like to find a way to only attempt to run the root commands if it's not possible to ssh as admin. This is as I don't like the idea of root having direct ssh access.
---
 playbook.yaml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/playbook.yaml b/playbook.yaml
index b972331..c4901ad 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -51,12 +51,6 @@
 group: admin
 mode: preserve
- - name: Remove authorised keys from root account
- remote_user: root
- ansible.builtin.file:
- path: /root/.ssh/authorized_keys
- state: absent
-
 # We allow status code 400 here as this is returned by deSEC if the domain
 # already exists. Ideally, we should filter out genuinely good/bad requests
 # here using the response.
--
cgit v1.2.3