mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-10 17:46:28 +02:00
root_ssh: Support giving root access to only some hosts
This commit is contained in:
parent
08a77ae37d
commit
ea9f114de1
|
@ -13,13 +13,13 @@ sudo_users:
|
|||
|
||||
# deploy tag 'root_ssh' when this changes
|
||||
root_ssh_keys:
|
||||
- foutrelis.pub
|
||||
- freswa.pub
|
||||
- grazzolini.pub
|
||||
- heftig.pub
|
||||
- jelle.pub
|
||||
- svenstaro.pub
|
||||
- anthraxx.pub
|
||||
- key: foutrelis.pub
|
||||
- key: freswa.pub
|
||||
- key: grazzolini.pub
|
||||
- key: heftig.pub
|
||||
- key: jelle.pub
|
||||
- key: svenstaro.pub
|
||||
- key: anthraxx.pub
|
||||
|
||||
# run playbook 'playbooks/tasks/reencrypt-vault-key.yml' when this changes
|
||||
# before running it, make sure to gpg --lsign-key all of the below keys
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
#jinja2: lstrip_blocks: True
|
||||
{% for user in root_ssh_keys | sort -%}
|
||||
{{ lookup('file', '../pubkeys/' + user) }}
|
||||
{% for user in root_ssh_keys | sort(attribute="key") -%}
|
||||
{% if not user.hosts or inventory_hostname in user.hosts -%}
|
||||
{{ lookup('file', '../pubkeys/' + user.key ) }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
|
Loading…
Reference in New Issue