Merge pull request #38 from hackerspace-ntnu/restructure-ssh-keys

setup new structure for ssh keys for all servers

.github/workflows/dingseboms.yml

@@ -0,0 +1,21 @@
+name: Update keys for dingseboms
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "keys/dingseboms/**"
+  workflow_dispatch:
+
+jobs:
+  run-keys-script:
+    name: Update authorized_keys on dingseboms
+    uses: ./.github/workflows/update-keys.yml
+    with:
+      environment: dingseboms
+    secrets:
+      host: ${{ secrets.ssh_host }}
+      port: ${{ secrets.ssh_port }}
+      key: ${{ secrets.ssh_key }}
+      username: ${{ secrets.username }}

.github/workflows/duppeditt.yml

@@ -0,0 +1,21 @@
+name: Update keys for duppeditt
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "keys/duppeditt/**"
+  workflow_dispatch:
+
+jobs:
+  run-keys-script:
+    name: Update authorized_keys on duppeditt
+    uses: ./.github/workflows/update-keys.yml
+    with:
+      environment: duppeditt
+    secrets:
+      host: ${{ secrets.ssh_host }}
+      port: ${{ secrets.ssh_port }}
+      key: ${{ secrets.ssh_key }}
+      username: ${{ secrets.username }}

.github/workflows/gluteus.yml

@@ -0,0 +1,21 @@
+name: Update keys for gluteus
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "keys/gluteus/**"
+  workflow_dispatch:
+
+jobs:
+  run-keys-script:
+    name: Update authorized_keys on gluteus
+    uses: ./.github/workflows/update-keys.yml
+    with:
+      environment: gluteus
+    secrets:
+      host: ${{ secrets.HOST }}
+      port: ${{ secrets.PORT }}
+      key: ${{ secrets.KEY }}
+      username: ${{ secrets.USERNAME }}

.github/workflows/meieri.yml

@@ -0,0 +1,21 @@
+name: Update keys for meieri
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "keys/meieri/**"
+  workflow_dispatch:
+
+jobs:
+  run-keys-script:
+    name: Update authorized_keys on meieri
+    uses: ./.github/workflows/update-keys.yml
+    with:
+      environment: meieri
+    secrets:
+      host: ${{ secrets.HOST }}
+      port: ${{ secrets.PORT }}
+      key: ${{ secrets.KEY }}
+      username: ${{ secrets.USERNAME }}

.github/workflows/noodlebar.yml

@@ -0,0 +1,21 @@
+name: Update keys for noodlebar
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "keys/noodlebar/**"
+  workflow_dispatch:
+
+jobs:
+  run-keys-script:
+    name: Update authorized_keys on noodlebar
+    uses: ./.github/workflows/update-keys.yml
+    with:
+      environment: noodlebar
+    secrets:
+      host: ${{ secrets.HOST }}
+      port: ${{ secrets.PORT }}
+      key: ${{ secrets.KEY }}
+      username: ${{ secrets.USERNAME }}

.github/workflows/phoenix.yml

@@ -0,0 +1,21 @@
+name: Update keys for phoenix
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "keys/phoenix/**"
+  workflow_dispatch:
+
+jobs:
+  run-keys-script:
+    name: Update authorized_keys on phoenix
+    uses: ./.github/workflows/update-keys.yml
+    with:
+      environment: phoenix
+    secrets:
+      host: ${{ secrets.HOST }}
+      port: ${{ secrets.PORT }}
+      key: ${{ secrets.KEY }}
+      username: ${{ secrets.USERNAME }}

.github/workflows/update-keys.yaml → .github/workflows/update-keys.yml

@@ -18,22 +18,31 @@ on:
 
 env:
   SSH_KEY_REPO: https://github.com/hackerspace-ntnu/ssh-keys.git
-  LOCAL_SSH_KEYS: ~/.ssh/local_authorized_keys
 
 jobs:
   update-keys:
     name: Update SSH keys
     runs-on: ubuntu-latest
     environment: ${{ inputs.environment }}
     steps:
-      - uses: appleboy/ssh-action@v0.1.4
+      - uses: appleboy/ssh-action@latest
         with:
           host: ${{ secrets.host }}
           port: ${{ secrets.port }}
           key: ${{ secrets.key }}
           username: ${{ secrets.username }}
           script: |
+            set -e
+            trap 'rm -rf /tmp/ssh-keys' EXIT
             git clone ${{ env.SSH_KEY_REPO }} /tmp/ssh-keys
             cd /tmp/ssh-keys
-            SSH_KEY_REPO=${{ env.SSH_KEY_REPO }} LOCAL_SSH_KEYS=${{ env.LOCAL_SSH_KEYS }} ./scripts/update_ssh_keys.sh /tmp/ssh-keys/keys
+            touch authorized_keys.tmp
+            echo "" >> authorized_keys.tmp
+            for f in $(find keys/${{ inputs.environment }} -type f -name "*.pub"); do
+              echo "# $(basename $f)" >> authorized_keys.tmp
+              cat $f >> authorized_keys.tmp
+              echo "" >> authorized_keys.tmp
+            done
+            cp authorized_keys.tmp $HOME/.ssh/authorized_keys
+            chmod 644 $HOME/.ssh/authorized_keys
             rm -r /tmp/ssh-keys

CODEOWNERS

@@ -1,4 +1,4 @@
-# This file defines the DevOps and Ledelsen teams as code owners for all files
+# This file defines the DevOps teams as code owners for all files
 # Reviews from code owners are mandatory to merge pull requests to this repository
 # Essentially, this means DevOps and the organization leaders are the only ones who can manage authorized SSH keys on the servers
-* @hackerspace-ntnu/DevOps @hackerspace-ntnu/Ledelsen
+* @hackerspace-ntnu/DevOps

keys/duppeditt/AlexanderMoltu.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSOEhyJ6KPA8dA8ySKhHRpbNMIdnIq5jSg7JiaBzoQlbGHv/miUun0GOsFjbLq42Iv8YWbQGQh4NpSklwF4yrW3Iw2KzRhK52ns9jnAHqygXDiE3hNykspbj+LDlR0aCKelUlpoINYfWJRJRr9YRYIKTo43fTIek8Ehx3eGrbPYyDcBGt9ZYHct+doiWyWtKronsOWp+5QBljXnDC5i31IO6me96hRvLmPrJuSa+Nh6DbnqBjz3VBf/Y/0l61ocCku8iSS0HrOoh8GPzQOzFRGGIUZzcM27Yb2YezPsle+VHVuylpeD59f5Y5PcPI9QMAXsRe6xBO8SjtPOBIDAZ1ZWPI5zT+DqITTAZvyIFfl+KMgPQTEnt9rVBo9g3g90Qr9QcMEGwkLyGQuGxhxguCLAWKACH76XAt0bYyGSi7/GoFPeM8WMFnnff/R9KGr28/WNr7+Lxhq0V4Xg9Q4CJJO2AYCQwhBFDjve0j7B8ixTpKvYvMQ2rUp80uRk6hJ8tc= alexamol@alexamol-UX430UQ

keys/duppeditt/Davidspilde.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGBZLdJU3opaY0QHL+TdY8GhHBHlCxKZMjXLCoru0bX8owRpHwOS/LxkxvL9KzBwhoA3SY7nnXkJB0md2fk+kAkK7BFTZY/aiEB6bDMWFZLUpbX5lzIXmT4MYk4336dddI8835SAI1bmLjzXEvRe4y6RnQpY8IRoxidIUqycwPkIZasTWthrDRJPnnqSHhKIzNS+6XOgnQGVggN2SPsnjnN20SXClGGeIXtrdmtM64YBy4zAPFKH7+waOX1maNd1xt7jt1BwpdeY70ka/RdYnKJ/gVa/iSq+1CKzRLZd7dmIQOnJHG5iMehapVGVA1xBg4NCQIP9bojyw/hDidLwKFN9bndAAVYXl7gmRqNUs1wb2TJ74eDk4jS1yOraUmskIMZwq2LZkrmm3Mi6dpPduVy7JmoC+l8bc95DYStlUwoXyRDJ570svgiSjDZU5gdJMfHvzkjD+tr2sY2Eo2j5GoWusKhc0B1ogHYOrRw/hHaZuIshvCLCob2t925B3u8Z0

keys/duppeditt/cjgutz.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCq2zMWrzJewbl8Pa66cE7mm9BCScEEiyJBCE5ODpxxEj2L5PcAfBV68PujpP+5nL0FbEMGjWVQXqUDpnzsG1i3ug8J7kU9ifFJLzfPY5aLSEbLqxfQvIzRamPivcQMYGLssu+/29/5fA0E1tekhAPHjRJZO8y7GlGdIx2n3XJm9MzTE3VoQr42SreKqJgT8YbYqqu4EEIeTa4Lq2CL3wnP08mradHgl23HXn5VBv7r3j4xrhYcN3qpjJCmO+Q9CElsK3u3ZT/PpExYgHVaPaQCtTJDw3ZO4wnM7EzmJHmxLtmZwRENHrnUnRaI+z4SEyOlImmkewBJATTGMCWuSsWV cjgut@CJ-YOGA

keys/duppeditt/id_michael.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmafX1tREISZ9YLSZfdRlOQwk9aI5IPcbOuN7L1x8rXSUGQbSfBLqTv6kQOpoRachahD1Aw92pYZEXRJcQrQWFNj3MGvLA5c6nNRqF7ZrVggamg1+lg/UL+zXZPxTo/KqUn66p8h+lL+42nCfVazOI8xcBAMfbpQDq/Lqt//fqBEygLob1PzTefRekYXgqZz02n7ZL6h8iO2KYdNzI3lQ3DmriqT9TkwjHn2Roh2d6H3v57HX3doYM2hq5uixaiRN4nMOpUIFWiPl6sChtMZOoyxnuk7XqmWzPAhJwk7C/N/qL3U3CH+DpwrnLuRfjSNhk93ZFLJMPbuD6Q7u5zdqP92VAMVuIZVm89PHVtPa2hJFg2vb5YXfzBkeKkrkQVRaR6w+4WY5GNuzMuQ10M1ocRk3fybKUO3oPuX9KN2MCf7b4XhzbCzbKKQTuyJb/CL06/1gFiYJ5U4bt7Tq9PRuFIUzMb2K42N0nys5HRV11r2fLyaAQ7Zvf70tlr1nlYClUvhiQigLKDOxqfNhRcHa9jka5lfxqI4x115HNS+xbP/oM4Zaq7g4os3Mne2vgqrXwi8ZmuoMol3y3GwGGux2pu7NcFpXYP2RKcJr/TnhRZKaDWjnLdqugfNuaGBg9rAFwqsK2Cd7+oTLisup361U61rDO4tSXP33eEuVGdrPpMw== hackerspace

keys/gluteus/id_gluteus.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZXKf6PkSSyKprTST4roDvQquYLilhGP79DRaciB+9P gluteus

keys/gluteus/id_michael.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmafX1tREISZ9YLSZfdRlOQwk9aI5IPcbOuN7L1x8rXSUGQbSfBLqTv6kQOpoRachahD1Aw92pYZEXRJcQrQWFNj3MGvLA5c6nNRqF7ZrVggamg1+lg/UL+zXZPxTo/KqUn66p8h+lL+42nCfVazOI8xcBAMfbpQDq/Lqt//fqBEygLob1PzTefRekYXgqZz02n7ZL6h8iO2KYdNzI3lQ3DmriqT9TkwjHn2Roh2d6H3v57HX3doYM2hq5uixaiRN4nMOpUIFWiPl6sChtMZOoyxnuk7XqmWzPAhJwk7C/N/qL3U3CH+DpwrnLuRfjSNhk93ZFLJMPbuD6Q7u5zdqP92VAMVuIZVm89PHVtPa2hJFg2vb5YXfzBkeKkrkQVRaR6w+4WY5GNuzMuQ10M1ocRk3fybKUO3oPuX9KN2MCf7b4XhzbCzbKKQTuyJb/CL06/1gFiYJ5U4bt7Tq9PRuFIUzMb2K42N0nys5HRV11r2fLyaAQ7Zvf70tlr1nlYClUvhiQigLKDOxqfNhRcHa9jka5lfxqI4x115HNS+xbP/oM4Zaq7g4os3Mne2vgqrXwi8ZmuoMol3y3GwGGux2pu7NcFpXYP2RKcJr/TnhRZKaDWjnLdqugfNuaGBg9rAFwqsK2Cd7+oTLisup361U61rDO4tSXP33eEuVGdrPpMw== hackerspace

keys/meieri/id_meieri.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfSDNE6Zj+gqPrTZeQva7WsKyUNinUYYoPbOR1FKp6O meieri

keys/meieri/id_michael.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmafX1tREISZ9YLSZfdRlOQwk9aI5IPcbOuN7L1x8rXSUGQbSfBLqTv6kQOpoRachahD1Aw92pYZEXRJcQrQWFNj3MGvLA5c6nNRqF7ZrVggamg1+lg/UL+zXZPxTo/KqUn66p8h+lL+42nCfVazOI8xcBAMfbpQDq/Lqt//fqBEygLob1PzTefRekYXgqZz02n7ZL6h8iO2KYdNzI3lQ3DmriqT9TkwjHn2Roh2d6H3v57HX3doYM2hq5uixaiRN4nMOpUIFWiPl6sChtMZOoyxnuk7XqmWzPAhJwk7C/N/qL3U3CH+DpwrnLuRfjSNhk93ZFLJMPbuD6Q7u5zdqP92VAMVuIZVm89PHVtPa2hJFg2vb5YXfzBkeKkrkQVRaR6w+4WY5GNuzMuQ10M1ocRk3fybKUO3oPuX9KN2MCf7b4XhzbCzbKKQTuyJb/CL06/1gFiYJ5U4bt7Tq9PRuFIUzMb2K42N0nys5HRV11r2fLyaAQ7Zvf70tlr1nlYClUvhiQigLKDOxqfNhRcHa9jka5lfxqI4x115HNS+xbP/oM4Zaq7g4os3Mne2vgqrXwi8ZmuoMol3y3GwGGux2pu7NcFpXYP2RKcJr/TnhRZKaDWjnLdqugfNuaGBg9rAFwqsK2Cd7+oTLisup361U61rDO4tSXP33eEuVGdrPpMw== hackerspace

keys/noodlebar/id_michael.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmafX1tREISZ9YLSZfdRlOQwk9aI5IPcbOuN7L1x8rXSUGQbSfBLqTv6kQOpoRachahD1Aw92pYZEXRJcQrQWFNj3MGvLA5c6nNRqF7ZrVggamg1+lg/UL+zXZPxTo/KqUn66p8h+lL+42nCfVazOI8xcBAMfbpQDq/Lqt//fqBEygLob1PzTefRekYXgqZz02n7ZL6h8iO2KYdNzI3lQ3DmriqT9TkwjHn2Roh2d6H3v57HX3doYM2hq5uixaiRN4nMOpUIFWiPl6sChtMZOoyxnuk7XqmWzPAhJwk7C/N/qL3U3CH+DpwrnLuRfjSNhk93ZFLJMPbuD6Q7u5zdqP92VAMVuIZVm89PHVtPa2hJFg2vb5YXfzBkeKkrkQVRaR6w+4WY5GNuzMuQ10M1ocRk3fybKUO3oPuX9KN2MCf7b4XhzbCzbKKQTuyJb/CL06/1gFiYJ5U4bt7Tq9PRuFIUzMb2K42N0nys5HRV11r2fLyaAQ7Zvf70tlr1nlYClUvhiQigLKDOxqfNhRcHa9jka5lfxqI4x115HNS+xbP/oM4Zaq7g4os3Mne2vgqrXwi8ZmuoMol3y3GwGGux2pu7NcFpXYP2RKcJr/TnhRZKaDWjnLdqugfNuaGBg9rAFwqsK2Cd7+oTLisup361U61rDO4tSXP33eEuVGdrPpMw== hackerspace

keys/noodlebar/id_noodlebar.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJd4yWuHQRLnzLDezcMTnZTQLhdrjl27JtrXaG80VES noodlebar

keys/phoenix/id_michael.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmafX1tREISZ9YLSZfdRlOQwk9aI5IPcbOuN7L1x8rXSUGQbSfBLqTv6kQOpoRachahD1Aw92pYZEXRJcQrQWFNj3MGvLA5c6nNRqF7ZrVggamg1+lg/UL+zXZPxTo/KqUn66p8h+lL+42nCfVazOI8xcBAMfbpQDq/Lqt//fqBEygLob1PzTefRekYXgqZz02n7ZL6h8iO2KYdNzI3lQ3DmriqT9TkwjHn2Roh2d6H3v57HX3doYM2hq5uixaiRN4nMOpUIFWiPl6sChtMZOoyxnuk7XqmWzPAhJwk7C/N/qL3U3CH+DpwrnLuRfjSNhk93ZFLJMPbuD6Q7u5zdqP92VAMVuIZVm89PHVtPa2hJFg2vb5YXfzBkeKkrkQVRaR6w+4WY5GNuzMuQ10M1ocRk3fybKUO3oPuX9KN2MCf7b4XhzbCzbKKQTuyJb/CL06/1gFiYJ5U4bt7Tq9PRuFIUzMb2K42N0nys5HRV11r2fLyaAQ7Zvf70tlr1nlYClUvhiQigLKDOxqfNhRcHa9jka5lfxqI4x115HNS+xbP/oM4Zaq7g4os3Mne2vgqrXwi8ZmuoMol3y3GwGGux2pu7NcFpXYP2RKcJr/TnhRZKaDWjnLdqugfNuaGBg9rAFwqsK2Cd7+oTLisup361U61rDO4tSXP33eEuVGdrPpMw== hackerspace

keys/phoenix/id_phoenix.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0pJYPcK2HnboBwNGE151YPUuEl2C2qJTuSebGhTa3N phoenix