From b493485b9034920c379a4c92aef39432c0c2c414 Mon Sep 17 00:00:00 2001
From: Marty Oehme <contact@martyoeh.me>
Date: Wed, 19 Nov 2025 14:35:30 +0100
Subject: [PATCH] feat: Add authorized ssh keys to host

---
 roles/system/defaults/main.yaml | 4 ++++
 roles/system/tasks/main.yaml    | 9 +++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 roles/system/defaults/main.yaml

diff --git a/roles/system/defaults/main.yaml b/roles/system/defaults/main.yaml
new file mode 100644
index 0000000..e60978c
--- /dev/null
+++ b/roles/system/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+
+system_authorized_keys:
+  - "{{ lookup('file', '~/.ssh/keys/bob.pub') }}"
diff --git a/roles/system/tasks/main.yaml b/roles/system/tasks/main.yaml
index 068c2e0..0263ec1 100644
--- a/roles/system/tasks/main.yaml
+++ b/roles/system/tasks/main.yaml
@@ -36,3 +36,12 @@
     - packages
   become: true
 
+- name: Add authorized SSH keys
+  ansible.posix.authorized_key:
+    user: marty # FIXME: don't hardoce user
+    state: present
+    key: "{{ item }}"
+  loop: "{{ system_authorized_keys }}"
+  tags:
+    - ssh
+  become: true