support multiple admin authorized keys

fix ssh file permissions

ansible/roles/ssh/tasks/main.yml

@@ -2,7 +2,9 @@
   copy:
     src: "{{ role_path }}/files/ca.sh"
     dest: /root/ca.sh
+    mode: 755
 - name: Copy keys
   copy:
     src: "{{ role_path }}/files/keys/"
     dest: /root/.ssh/
+    mode: preserve

cloud_init.cfg.tftpl

@@ -4,4 +4,6 @@ manage_etc_hosts: true
 ssh_pwauth: false
 disable_root: false
 ssh_authorized_keys:
-  - "${host_public_key}"
+%{ for key in admin_authorized_keys ~}
+  - "${key}"
+%{ endfor ~}

main.tf

@@ -28,7 +28,7 @@ resource "libvirt_volume" "main_disk" {
 resource "libvirt_cloudinit_disk" "cloudinit" {
   name           = "${var.name}.iso"
   pool           = "init"
-  user_data      = templatefile("cloud_init.cfg.tftpl", { name = var.name, host_public_key = var.host_public_key })
+  user_data      = templatefile("cloud_init.cfg.tftpl", { name = var.name, admin_authorized_keys = var.admin_authorized_keys })
   network_config = templatefile("network_config.cfg.tftpl", { internal_ip = var.internal_ip })
 }
 

variables.tf

@@ -7,9 +7,12 @@ variable "libvirt_endpoint" {
   default = "qemu+ssh://root@atlas.lan/system"
 }
 
-variable "host_public_key" {
+variable "admin_authorized_keys" {
-  type    = string
+  type    = list(string)
-  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
+  default = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim",
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
+  ]
 }
 
 variable "internal_ip" {