From c1656f82ecf38e9dc467f9252c399cd485353b85 Mon Sep 17 00:00:00 2001 From: Tyler Hale Date: Tue, 23 Aug 2022 13:01:26 -0600 Subject: [PATCH] Adding option for secondary user to receive public keys --- README.md | 1 + roles/base/defaults/main.yml | 3 +++ roles/base/tasks/core_ssh.yml | 11 +++++++++++ 3 files changed, 15 insertions(+) diff --git a/README.md b/README.md index 4d932ce..29fc328 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an | base_core_root_ca_url | "" | | URL of a Root CA to install | | base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh | | base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh | +| base_core_ssh_public_keys_user | "" | | Added the public keys to an additional user if defined | | base_core_timezone | America/Boise | | Defines the timezone to apply to the client | | base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) | diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index 59f2428..2343b60 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -53,6 +53,9 @@ base_core_root_ca_url: "" # SSH # === +# Added the public keys to an additional user if defined +base_core_ssh_public_keys_user: "" + # Allow ssh root login base_core_ssh_permit_root_login: false diff --git a/roles/base/tasks/core_ssh.yml b/roles/base/tasks/core_ssh.yml index e8490a2..9231709 100644 --- a/roles/base/tasks/core_ssh.yml +++ b/roles/base/tasks/core_ssh.yml 
@@ -28,6 +28,17 @@ tags: - authorized_key +- name: Setup authorized keys for secondary user + authorized_key: + user: "{{ base_core_ssh_public_keys_user }}" + state: present + key: '{{ lookup("file", item) }}' + with_fileglob: + - "public_keys/*" + when: base_core_ssh_public_keys_user != "" + tags: + - authorized_key + - name: Configure SSH root login lineinfile: path: /etc/ssh/sshd_config
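Review bot: A key file deleted from `public_keys/` stays authorized for the secondary user, because the new task only runs `authorized_key` with `state: present` and nothing in this hunk removes entries. If the role is meant to be the source of truth for that account, pass all keys as one newline-joined `key:` value with `exclusive: true` (the option is not loop-aware, so it cannot simply be added to the `with_fileglob` form, and it also drops keys added to the account by other means); if not, put a comment above the task such as `# Keys are only appended; revoked keys must be removed from the host separately`. The guard `when: base_core_ssh_public_keys_user != ""` also passes for a null value, so `when: base_core_ssh_public_keys_user | default("", true) | length > 0` is safer. The task presumably fails when the named account does not exist, since nothing visible here creates it, which is worth stating in the variable's description.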