From 2b800e247cbb5b5e0ce2bbc8037b3b1107f83f68 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Sat, 23 Jul 2022 16:34:13 +0200
Subject: [PATCH] Set up sesam user for SSH entry

---
 files/platon/sesam-door-open.sh |  7 +++++++
 platon.yml                      | 17 +++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100755 files/platon/sesam-door-open.sh

diff --git a/files/platon/sesam-door-open.sh b/files/platon/sesam-door-open.sh
new file mode 100755
index 0000000..5a3c18c
--- /dev/null
+++ b/files/platon/sesam-door-open.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "`date` : $SSH_KEY_OWNER" >> /home/sesam/door_open.log
+ssh pi@localhost -i /home/sesam/.ssh/id_rsa  \
+    -t /home/pi/sesame-open.sh
+
+
diff --git a/platon.yml b/platon.yml
index 22d6f83..c22c3c3 100644
--- a/platon.yml
+++ b/platon.yml
@@ -28,3 +28,20 @@
         owner: root
         group: root
         mode: '0644'
+
+
+    ### Sesam for SSH access
+    #
+    # Make sure to provide the .ssh/authorized_keys from backup, if needed
+
+    - name: Ensure sesam user is there
+      ansible.builtin.user:
+        name: sesam
+        shell: /home/sesam/door-open.sh
+        groups: i2c
+        append: yes
+
+    - name: Copy door-open.ssh for sesam
+      ansible.builtin.copy:
+        src: files/platon/sesam-door-open.sh
+        dest: /home/sesam/door-open.sh