Per Device SSH-Keys

ansible/plays/common.yaml

@@ -13,13 +13,23 @@
         owner: root
         group: root
         mode: '0755'
-    - name: Deploy CI SSH-Key
+    - name: Obtain Machine Pubkey
+      delegate_to: localhost
+      become: false
+      changed_when: false
+      register: pubkey
+      community.crypto.openssl_publickey:
+        format: OpenSSH
+        path: "/tmp/{{ inventory_hostname }}.pub"
+        privatekey_path: "{{ ansible_ssh_private_key_file }}"
+        return_content: true
+    - name: Deploy Machine SSH-Key
       ansible.posix.authorized_key:
         user: "{{ ansible_user }}"
         state: present
         manage_dir: false
         path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
-        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/2H7n27J7/xFAyQpE7r29UxTP5jttLRe6RhAC/Ndam drone-deploy"
+        key: "{{ pubkey.publickey }} drone-machine-deploy"
     - name: Deploy Common SSH-Keys
       ansible.posix.authorized_key:
         user: "{{ ansible_user }}"
@@ -292,3 +302,5 @@
     - setup_wireguard
     - setup_vpn
   ansible.builtin.import_playbook: vpn.yaml
+
+# vim: ft=yaml.ansible