summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2022-09-21 17:24:23 +0300
committerLars Wirzenius <liw@liw.fi>2022-09-21 17:24:23 +0300
commita30dd26f001e27518cc0399182d88da26f2e6ddd (patch)
treef40571b03744277a3606e0015c38f08aa45ceb4d
parenteb9f9e8e815710bd1d2b73e00c04b595379fb59f (diff)
downloadansibleness-a30dd26f001e27518cc0399182d88da26f2e6ddd.tar.gz
atuin.liw.fi: set SSH host key and certificate
Sponsored-by: author
Diffstat
-rw-r--r--ansible/atuin.liw.fi.yml10
1 files changed, 10 insertions, 0 deletions
diff --git a/ansible/atuin.liw.fi.yml b/ansible/atuin.liw.fi.yml
index cf0a223..46c78e8 100644
--- a/ansible/atuin.liw.fi.yml
+++ b/ansible/atuin.liw.fi.yml
@@ -2,6 +2,7 @@
remote_user: root
roles:
- hetzner-network-bridge
+ - sshd
- role: ferm-firewalled
tags: [ferm]
- sane_debian_system
@@ -76,6 +77,10 @@
ferm_iface_ext: "{{ bridge_nic }}"
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key atuin.liw.fi') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 atuin.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
- hosts: nalanda
remote_user: root
@@ -95,6 +100,7 @@
group: root
mode: 0644
roles:
+ - sshd
- role: ferm-firewalled
tags: [ferm]
- sane_debian_system
@@ -201,6 +207,10 @@
smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
relayhost: pieni.net:587
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key nalanda.liw.fi') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 nalanda.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
# - hosts: gregvm
# remote_user: root
generated by cgit v1.2.1 (git 2.18.0) at 2024-04-26 12:02:51 +0000