From a97c2df31a2cfbfb5114ef94116f790843f6adfe Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 16 Apr 2017 19:02:14 +0300
Subject: [PATCH] - Disable access to the deploy key for the owner, thus allow
 root to use the key for deployments as well.

---
 defaults/main.yml | 1 -
 tasks/main.yml    | 9 +++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 1bfe6ba..48b3fd8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,4 +2,3 @@
 # defaults file for deploy-key
 deploy_key_users:
     - nobody
-    - root
diff --git a/tasks/main.yml b/tasks/main.yml
index b87e65d..49367d2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -37,12 +37,17 @@
       name: git
       state: present
 
+- name: Get the nobody uid
+  command: id -u nobody
+  changed_when: False
+  register: deploy_key_nobody_uid
+
 - name: Copy the deployment key
   copy:
       content: '{{ deploy_key }}'
-      owner: root
+      owner: '{{ deploy_key_nobody_uid.stdout.strip()|int -1 }}'
       group: deploy
-      mode: 0o0440
+      mode: 0o0040
       dest: /etc/ssh/deploy.key
 
 - name: Configure SSH to use the deploy key
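Review bot: The new `owner:` on "Copy the deployment key" is nobody's uid minus one, and nothing in the hunk checks that this uid is actually unassigned on the target host. A file's owner can always chmod it, so if that uid belongs to an account now or is allocated to one later, that account can give itself read access to /etc/ssh/deploy.key despite mode 0040. Either fail the play when the computed uid resolves to an account (sketch below), or own the key with a dedicated, locked system account created by the role so the owner is deliberate rather than derived. A short comment above the `owner:` line explaining why the owner must be neither root nor a deploy user would also help; the commit message implies the reason, but the task does not.

```yaml
# … unchanged: "Get the nobody uid" task …

- name: Verify the deploy key owner uid is unassigned
  command: getent passwd {{ deploy_key_nobody_uid.stdout.strip()|int - 1 }}
  register: deploy_key_owner_lookup
  changed_when: false
  failed_when: deploy_key_owner_lookup.rc == 0

# … unchanged: "Copy the deployment key" task …
```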
-- 
GitLab