Authorize GitHub Actions SSH in cloud-init
This lets Ansible runs work out of the box, without manual
bootstrapping.
strugee committed Mar 27, 2024
1 parent c94d3d9 commit 2d63c2c
Showing 1 changed file with 19 additions and 0 deletions.
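--- a/simple_vm/main.tf
+++ b/simple_vm/main.tf
@@ -53,6 +53,25 @@ resource "openstack_compute_instance_v2" "instance" {
 network {
 name = var.network
 }
+
+lifecycle {
+ignore_changes = [user_data]
+}
+
+user_data = <<-EOT
+#cloud-config
+ssh_pwauth: false
+users:
+- name: "gh-actions"
+gecos: "Privileged User"
+sudo: "ALL=(ALL) NOPASSWD:ALL"
+shell: "/bin/bash"
+lock_passwd: true
+create_groups: false
+uid: 1027
+ssh_authorized_keys:
+- "ssh-rsa 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"
+EOT
 }
 
 resource "aws_route53_record" "dns-a" {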
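Review bot: The `gh-actions` account gets `sudo: "ALL=(ALL) NOPASSWD:ALL"` from a single public key hard-coded in the module, and `ignore_changes = [user_data]` means a later change to that key is never applied to instances that already exist, so there is no Terraform path to rotate or revoke it. Anyone holding the matching private key (presumably stored as an Actions secret) is root on every VM built from `simple_vm`. I would pass the key in as a variable, e.g. `- "${var.gh_actions_ssh_key}"` (the name is only a suggestion), and add a comment above the `lifecycle` block such as `# user_data only applies at first boot; rotate or revoke the gh-actions key on existing hosts through Ansible`. If the playbooks do not need unrestricted root, narrowing the sudo rule to the commands they run would limit what a leaked key can do. The resource block starts above this hunk.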
