Replace references with properties and add SSH key

group_vars/all/vars.yml

@@ -1,6 +1,5 @@
 # vim: ft=yaml.ansible
 ---
-ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
 hostname: pi
 timezone: Europe/Copenhagen
 
@@ -9,3 +8,7 @@ hdd_mount_point: /opt/{{ hdd_name }}
 
 ssd_name: pi-ssd
 ssd_mount_point: /opt/{{ ssd_name }}
+
+ssh_keys:
+  - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf

roles/os_config/handlers/main.yml

@@ -14,9 +14,10 @@
 
 - name: Change GPIO_PIN
   ansible.builtin.lineinfile:
+    path: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
     regexp: '^GPIO_PIN = '
     line: GPIO_PIN = 14
-    dest: /home/{{ ansible_user }}/pi-fan-controller/fancontrol.py
+    state: present
   listen: pi-fan-controller
 
 - name: Install requirements for pi-fan-controller

roles/os_config/tasks/ssh.yml

@@ -3,26 +3,29 @@
 - name: Add public SSH key to default user
   ansible.posix.authorized_key:
     user: "{{ ansible_user }}"
-    key: "{{ ssh_key }}"
+    key: "{{ ssh_keys | join('\n') }}"
     exclusive: true
 
 - name: Allow SSH login with public keys
   ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
     regexp: '^#?PubkeyAuthentication '
     line: PubkeyAuthentication yes
-    dest: /etc/ssh/sshd_config
+    state: present
   notify: sshd
 
 - name: Disallow SSH login with password
   ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
     regexp: '^#?PasswordAuthentication '
     line: PasswordAuthentication no
-    dest: /etc/ssh/sshd_config
+    state: present
   notify: sshd
 
 - name: Disallow root login over SSH
   ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
     regexp: '^#?PermitRootLogin '
     line: PermitRootLogin no
-    dest: /etc/ssh/sshd_config
+    state: present
   notify: sshd