ooni · LDiazN · Jan 26, 2026 · Jan 19, 2026 · Jan 19, 2026 · Jan 19, 2026
diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
@@ -13,6 +13,11 @@ ssh_users:
       [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsibU0nsQFFIdolD1POzXOws4VetV0ZNByINRzY8Hx0 arturo@ooni.org",
       ]
+  aagbsn:
+    login: aagbsn
+    comment: Aaron Gibson
+    keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC91p0KabJ1OGKKVLiOlECaP7nYBPUStXUVUsFw/pis2 aaron@openobservatory.org"
   majakomel:
     login: majakomel
     comment: Maja Komel
@@ -34,8 +39,8 @@ ssh_users:
     keys:
       - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHc04zv+G8vGOS/znLy6xd3lB0/B07uaFjgyh4UgqUMA luis@openobservatory.org"
 
-admin_usernames: [art, mehul, luis]
-root_usernames: [art, mehul, luis]
+admin_usernames: [art, aagbsn, mehul, luis]
+root_usernames: [art, aagbsn, mehul, luis]
 non_admin_usernames: []
 
 prometheus_metrics_password: "{{ lookup('amazon.aws.aws_ssm', '/oonidevops/ooni_services/prometheus_metrics_password', profile='oonidevops_user_prod') }}"
diff --git a/ansible/host_vars/notebook1.htz-fsn.prod.ooni.nu b/ansible/host_vars/notebook1.htz-fsn.prod.ooni.nu
@@ -119,7 +119,7 @@ ssh_users:
     login: aagbsn
     comment: Aaron Gibson
     keys:
-      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCW9YqNPaMRhNw84sk3NCea0RETVEg4EQS0f4CO020/ aagbsn@extc.org"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC91p0KabJ1OGKKVLiOlECaP7nYBPUStXUVUsFw/pis2 aaron@openobservatory.org"
   imap:
     login: imap
     comment: iMAP partners (only for training by Siti/Sinar Project)

diff --git a/ansible/roles/ssh_users/tasks/main.yml b/ansible/roles/ssh_users/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
 - name: ensure admin group exists
+  tags: ssh_users
   group:
     name: "{{ admin_group_name }}"
     state: present
@@ -52,6 +53,7 @@
   with_items: "{{ admin_usernames | union(non_admin_usernames) }}"
 
 - name: configure sshd
+  tags: ssh_users
   include_role:
     name: willshersystems.sshd
   vars:
@@ -60,13 +62,15 @@
       AllowUsers: "{{ admin_usernames | union(non_admin_usernames) | sort | join(' ') }}"
 
 - name: Enesure sudoers dir exists
+  tags: ssh_users
   ansible.builtin.file:
     path: /etc/sudoers.d
     state: directory
     owner: root
     group: root
 
 - name: sudoers.d/80-admins
+  tags: ssh_users
   template:
     src: sudoers
     dest: /etc/sudoers.d/80-admins
@@ -76,11 +80,13 @@
     validate: 'visudo -cf %s'
 
 - name: sudoers.d/adm
+  tags: ssh_users
   ansible.builtin.file:
     path: /etc/sudoers.d/adm
     state: absent
 
 - name: reload sshd
+  tags: ssh_users
   ansible.builtin.systemd_service:
     name: sshd
     state: reloaded