From bd99ebe6849edd193a56bbcddcaeeb81baa200c1 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Sat, 23 Jul 2022 20:10:37 +0200
Subject: [PATCH] Transfer sesam access key to pi authorized keys

---
 platon.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/platon.yml b/platon.yml
index 8f607be..19448a3 100644
--- a/platon.yml
+++ b/platon.yml
@@ -70,11 +70,27 @@
         shell: /home/sesam/door-open.sh
         groups: i2c
         append: yes
+        generate_ssh_key: yes
+
+    - name: Get the SSH public key for sesam
+      ansible.builtin.slurp:
+        src: /home/sesam/.ssh/id_rsa.pub
+      register: sesam_key
+
+    - name: Add SSH public identity as authorized key to pi
+      ansible.posix.authorized_key:
+        user: "{{ gatekeeper_user }}"
+        state: present
+        key: "{{  sesam_key['content'] | b64decode }}"
+        comment: "Sesam access"
 
     - name: Copy door-open.ssh for sesam
       ansible.builtin.copy:
         src: files/platon/sesam-door-open.sh
         dest: /home/sesam/door-open.sh
+        owner: sesam
+        group: sesam
+        mode: "0755"
 
 
     ### Gatekeeper user (pi for now)