From 0a5f0b7714e50971863388f87f38b7e19075b302 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sun, 10 Dec 2023 15:24:17 +0100
Subject: [PATCH 1/3] Adds option to make authorized_keys exclusive (default: false)
---
 defaults/main.yml | 3 ++-
 tasks/main.yml | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 108c3d8..395c009 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,4 +11,5 @@ users:
 - vagrant
 sudoers:
 - vagrant
-ensure_ansible_version: 2.10.3
\ No newline at end of file
+ensure_ansible_version: 2.10.3
+authorized_keys_are_exclusive: false # Be careful, this will delete non-Ansible-managed authorized keys from the target!
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index cd239a5..13908de 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -50,6 +50,6 @@
 become: yes
 when: ansible_facts['os_family'] == 'Debian'
-- name: Install Ansible
- pip:
- name: ansible=={{ ensure_ansible_version }}
\ No newline at end of file
+# - name: Install Ansible
+# pip:
+# name: ansible=={{ ensure_ansible_version }}
\ No newline at end of file
From 55fcc318cc06a99b4dde27e9897336776528f99a Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sun, 10 Dec 2023 15:25:53 +0100
Subject: [PATCH 2/3] Adds option to make authorized_keys exclusive (default: false)
---
 tasks/users.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tasks/users.yml b/tasks/users.yml
index 5c38204..f3a88b9 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -35,8 +35,9 @@
 user: "{{ item }}"
 state: present
 key: "{{ lookup('file', 'public_keys/id_{{ item }}.pub') }}"
+ exclusive: "{{ authorized_keys_are_exclusive | bool }}"
 with_items: "{{ users }}"
- ignore_errors: yes
+ ignore_errors: true
 - name: 'Ensure that wheel group is existing'
 group:
From 7c6810a9459ab59196779a0e10a6a3178eb7c526 Mon Sep 17 00:00:00 2001
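Review bot: The warning on `authorized_keys_are_exclusive` does not say whose keys are removed, and for a destructive switch that is the part an operator needs. Going by the task changed in PATCH 2/3, enabling it would appear to strip every key except the one from `public_keys/id_<user>.pub` for each account in `users`, which may include the account Ansible itself connects as. I would move the comment to its own line above the variable and spell that out, e.g. `# When true, each account in users keeps only the key from public_keys/id_<user>.pub; all other authorized keys are removed, including any key used for the current connection.` The file also still ends without a trailing newline.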
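Review bot: Commenting out the `Install Ansible` task does not belong in a change whose subject is the authorized_keys option, and PATCH 3/3 reverts exactly these three lines. Applied on its own, this patch leaves a role that no longer installs Ansible while `ensure_ansible_version` is still defined in defaults/main.yml. I would drop this hunk and the matching one in PATCH 3/3 from the series rather than keep commented-out code in the history. The task that precedes these lines starts outside the hunk.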
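Review bot: `ignore_errors: true` on the same task weakens the guarantee that `exclusive` is meant to give: if the key lookup or the module call fails for one user, the play continues and that account keeps whatever keys it already had. When the option is enabled a failure should stop the run, for instance `ignore_errors: "{{ not (authorized_keys_are_exclusive | bool) }}"`, or the `ignore_errors` line could be dropped entirely. `exclusive` is also applied per loop iteration, so the result stays correct only while each entry in `users` is unique and supplies a single key file. The task's name and module line are outside the hunk, so I am assuming this is the authorized_key task.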
From: Jan Beilicke
Date: Sun, 10 Dec 2023 15:26:25 +0100
Subject: [PATCH 3/3] Adds option to make authorized_keys exclusive (default: false)
---
 tasks/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 13908de..cd239a5 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -50,6 +50,6 @@
 become: yes
 when: ansible_facts['os_family'] == 'Debian'
-# - name: Install Ansible
-# pip:
-# name: ansible=={{ ensure_ansible_version }}
\ No newline at end of file
+- name: Install Ansible
+ pip:
+ name: ansible=={{ ensure_ansible_version }}
\ No newline at end of file