From 99fb36ec56812f6d384e13def8549b7091971f90 Mon Sep 17 00:00:00 2001
From: Ethan Paul
Date: Sun, 1 Sep 2019 13:57:23 -0400
Subject: [PATCH] Move sshkey updates to a dedicated deployment playbook Import deploy sshkey playbook in update users
---
playbooks/deploy-sshkeys.yml | 31 +++++++++++++++++++++++++++++++
playbooks/update-users-local.yml | 26 +-------------------------
2 files changed, 32 insertions(+), 25 deletions(-)
create mode 100644 playbooks/deploy-sshkeys.yml
diff --git a/playbooks/deploy-sshkeys.yml b/playbooks/deploy-sshkeys.yml
new file mode 100644
index 0000000..6ae1bb6
--- /dev/null
+++ b/playbooks/deploy-sshkeys.yml
@@ -0,0 +1,31 @@
+---
+- hosts: all
+ name: Update ssh keys on all devices
+ tasks:
+ - import_tasks: tasks/users-preprocessing.yml
+
+ - name: Install public keys
+ tags: users_keys
+ become: true
+ block:
+ - name: Ensure SSH directory exists
+ file:
+ state: directory
+ path: /home/{{ item.name }}/.ssh
+ loop: "{{ local_users | difference([None]) }}"
+ - name: Put keys on remote
+ when: item.keys != []
+ authorized_key:
+ user: "{{ item.name }}"
+ key: "{{ item.sshkeys | join('\n') }}"
+ state: present
+ exclusive: yes
+ loop: "{{ local_users | difference([None]) }}"
+
+- hosts: all
+ name: Disable SSH password authentication
+ tags:
+ - always
+ tasks:
+ - import_tasks: tasks/sshd/disable-password-auth.yml
+ when: enable_ssh_password_auth|bool == false
diff --git a/playbooks/update-users-local.yml b/playbooks/update-users-local.yml
index d85608e..d757f06 100644
--- a/playbooks/update-users-local.yml
+++ b/playbooks/update-users-local.yml
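Review bot: The guard `when: item.keys != []` on "Put keys on remote" tests `item.keys` while the task itself reads `item.sshkeys`; if the `local_users` entries are plain mappings, Jinja2 dot lookup presumably resolves `keys` to the dict method, so the condition is always true and never skips anyone. Combined with `exclusive: yes`, a user whose `sshkeys` list is empty is still processed, and whether that fails the task or rewrites the user's authorized_keys should be confirmed rather than left to chance. `when: item.sshkeys | default([]) | length > 0` expresses the apparent intent, but decide explicitly whether an empty list should instead clear existing keys, since skipping leaves previously deployed keys in place. As a style point, `exclusive: yes` and `enable_ssh_password_auth|bool == false` read more clearly as `exclusive: true` and `not (enable_ssh_password_auth | bool)`.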
@@ -112,24 +112,6 @@ - name: Restart dconf database shell: dconf update - - name: Install public keys - tags: users_keys - become: true - block: - - name: Ensure SSH directory exists - file: - state: directory - path: /home/{{ item.name }}/.ssh - loop: "{{ local_users | difference([None]) }}" - - name: Put keys on remote - when: item.keys != [] - authorized_key: - user: "{{ item.name }}" - key: "{{ item.sshkeys | join('\n') }}" - state: present - exclusive: yes - loop: "{{ local_users | difference([None]) }}" - - name: Ensure proper ownership of user home directories become: true file: @@ -140,10 +122,4 @@ state: directory loop: "{{ local_users | difference([None]) }}" -- hosts: all - name: Disable SSH password authentication - tags: - - always - tasks: - - import_tasks: tasks/sshd/disable-password-auth.yml - when: enable_ssh_password_auth|bool == false +- import_playbook: deploy-sshkeys.yml
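Review bot: A `.ssh` directory created by the imported playbook is no longer followed by the "Ensure proper ownership of user home directories" task, because `- import_playbook: deploy-sshkeys.yml` at the end of the file runs the key installation after that task, where the removed block ran before it. The "Ensure SSH directory exists" task runs under `become: true` and sets no owner or mode, so a directory it creates is presumably root-owned unless `authorized_key` corrects it. Setting `owner: "{{ item.name }}"` and `mode: "0700"` on that `file` task would make the result independent of play order and of whether deploy-sshkeys.yml is run on its own. The ownership task's arguments lie between the two hunks and are not visible here, so whether it ever covered `.ssh` recursively needs checking.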