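#!/usr/bin/env bash
# modify_ script for authorized_keys
#
# chezmoi calls this with the CURRENT authorized_keys on stdin.
# We output the current content PLUS any missing fleet pubkeys.
# This preserves machine-specific entries while ensuring fleet access.
#
# Security notes for maintainers:
# - This script is append-only. A key deleted from the fleet data is NOT
#   removed from machines that already have it; revoking fleet access needs
#   a separate cleanup step.
# - "Already present" is a fixed-string substring match against the whole
#   file. A fleet key that appears only inside a commented-out line, or on a
#   line carrying options (from=, command=, ...), counts as present and is
#   left exactly as the machine has it.
# - Fleet key values are assumed to be single-line; a value containing a
#   newline would be written out as more than one authorized_keys entry.
set -euo pipefail

# Read current authorized_keys from stdin.
# Command substitution drops trailing newlines; exactly one is re-added below.
current=$(cat)

# Start with existing content (printf, so content such as "-n" is never
# interpreted as an option the way echo could).
printf '%s\n' "$current"

# Append fleet pubkeys if not already present.
# - Each value is rendered into a single-quoted shell string with embedded
#   single quotes escaped, so a key comment containing an apostrophe cannot
#   end the quoting and be parsed as shell code.
# - grep reads a here-string instead of a pipe: under pipefail, an early exit
#   of grep -q can fail the writer with SIGPIPE on large input, which would
#   make the key look absent and append a duplicate.
{{ range $name, $data := .fleet -}}
{{ if ne $data.pubkey "" -}}
fleet_key='{{ $data.pubkey | replace "'" "'\\''" }}'
if ! grep -qF -- "$fleet_key" <<<"$current"; then
  printf '%s\n' "$fleet_key"
fi
{{ end -}}
{{ end -}}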