From 857c37a2c1a97492adf39313f086e4f0f89272b4 Mon Sep 17 00:00:00 2001
From: waal70
Date: Sun, 3 Nov 2024 16:08:41 +0100
Subject: [PATCH] Fix setting SSH-keys: only changed when actually adding keys
---
 tasks/unpriv-user.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/tasks/unpriv-user.yml b/tasks/unpriv-user.yml
index 96f3ff7..3aac151 100644
--- a/tasks/unpriv-user.yml
+++ b/tasks/unpriv-user.yml
@@ -10,7 +10,16 @@
 skeleton: /etc/skel
 append: true

-- name: Set the primary key for the unprivileged user, removing any others
+- name: Check the primary key for the unprivileged user
+ ansible.posix.authorized_key:
+ user: "{{ interactive_user }}"
+ key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
+ state: present
+ exclusive: false
+ register: setkey
+
+- name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
+ when: setkey.changed
 ansible.posix.authorized_key:
 user: "{{ interactive_user }}"
 key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
@@ -22,6 +31,7 @@
 user: "{{ interactive_user }}"
 key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-2.pub') }}"
 state: present
+ exclusive: false

 - name: Install required package to become unprivileged users
 ansible.builtin.apt:
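Review bot: Gating the exclusive task on `setkey.changed` means stray entries in the user's authorized_keys are purged only on the run that first adds the yubi-1 key; once that key is present, a key appended out-of-band survives every later run, whereas the old unconditional task removed it each time. The tail of the re-set task (its `state`/`exclusive` lines) lies between the two hunks and is not shown, so this assumes it still sets `exclusive: true`. The module accepts several keys newline-separated in one `key` value, so a single exclusive task can enforce the full set on every run and still report `changed` only on real drift, replacing all three key tasks (including the yubi-2 task in the second hunk). The sketch also builds the path with `~` instead of nesting `{{ }}` inside the lookup string, which newer ansible-core may not render as intended.

```yaml
- name: Set the authorized keys for the unprivileged user, removing any others
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    # Both keys in one value: exclusive then keeps exactly this set.
    key: |-
      {{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}
      {{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}
    state: present
    exclusive: true
```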