refactor: use sshd_* vars from all group, when possible

Sponsored-by: author

3 files changed, 8 insertions, 3 deletions

diff --git a/ansible/holywood2.yml b/ansible/holywood2.yml
index e63a38c..9cf1c10 100644
--- a/ansible/holywood2.yml
+++ b/ansible/holywood2.yml
@@ -52,6 +52,3 @@
     letsencrypt: no
 
     sshd_version: 1
-    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key holywood2') }}"
-    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 holywood2') }}"
-    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
diff --git a/ansible/irc.liw.fi.yml b/ansible/irc.liw.fi.yml
index 19abdab..3e094c3 100644
--- a/ansible/irc.liw.fi.yml
+++ b/ansible/irc.liw.fi.yml
@@ -29,6 +29,10 @@
         authorized_keys: |
           {{ liw_personal_ssh_pub }}
 
+    # We must define the sshd variables here. The defaults from the
+    # "all" group assume sshca knows the host by the
+    # sane_debian_system_hostname name, which isn't true for this
+    # host.
     sshd_version: 1
     sshd_host_key: "{{ lookup('pipe', 'sshca host private-key irc.liw.fi') }}"
     sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 irc.liw.fi') }}"
diff --git a/ansible/shell-shell.vm.liw.fi.yml b/ansible/shell-shell.vm.liw.fi.yml
index 0f01bd0..b6593e8 100644
--- a/ansible/shell-shell.vm.liw.fi.yml
+++ b/ansible/shell-shell.vm.liw.fi.yml
@@ -39,6 +39,10 @@
 
     mail_hostname: pieni.net
 
+    # We must define the sshd variables here. The defaults from the
+    # "all" group assume sshca knows the host by the
+    # sane_debian_system_hostname name, which isn't true for this
+    # host.
     sshd_version: 1
     sshd_host_key: "{{ lookup('pipe', 'sshca host private-key shell-shell.vm.liw.fi') }}"
     sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 shell-shell.vm.liw.fi') }}"