refactor: update SSH key management to load keys from a URL and set permissions

ansible/roles/server_install_ssh/defaults/main.yml

@@ -2,7 +2,7 @@
 ssh_user: skulladmin
 
 # Platzhalter-Key
-ssh_public_key: ""
+ssh_auth_keys_url: "https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trusted-ssh-keys"
 
 # SSH-Port
 ssh_port: 22

ansible/roles/server_install_ssh/tasks/main.yml

@@ -28,10 +28,24 @@
     group: "{{ ssh_user }}"
     mode: '0700'
 
-- name: SSH-Key eintragen
-  ansible.builtin.copy:
-    content: "{{ ssh_public_key }}"
-    dest: "/home/{{ ssh_user }}/.ssh/authorized_keys"
+- name: Trusted SSH keys von GitHub laden
+  ansible.builtin.get_url:
+    url: "{{ ssh_auth_keys_url }}"
+    dest: "/home/{{ ssh_user }}/.ssh/trusted_ssh_keys"
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0644'
+
+- name: Alle geladenen Keys in authorized_keys eintragen
+  ansible.builtin.command: >
+    bash -c "cat /home/{{ ssh_user }}/.ssh/trusted_ssh_keys >> /home/{{ ssh_user }}/.ssh/authorized_keys"
+  args:
+    creates: "/home/{{ ssh_user }}/.ssh/authorized_keys"
+  become: true
+
+- name: Permissions für authorized_keys setzen
+  ansible.builtin.file:
+    path: "/home/{{ ssh_user }}/.ssh/authorized_keys"
     owner: "{{ ssh_user }}"
     group: "{{ ssh_user }}"
     mode: '0600'