From 7ccd0289f195d9ebd1ab0007bc9548b3088d609a Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sat, 10 Sep 2022 09:59:46 +0300
Subject: shell-shell.vm.liw.fi: install an SSH host certificate

Sponsored-by: author
---
 ansible/shell-shell.vm.liw.fi.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ansible/shell-shell.vm.liw.fi.yml b/ansible/shell-shell.vm.liw.fi.yml
index 68a6db1..63b63f4 100644
--- a/ansible/shell-shell.vm.liw.fi.yml
+++ b/ansible/shell-shell.vm.liw.fi.yml
@@ -2,6 +2,7 @@
   remote_user: root
   roles:
     - role: sane_debian_system
+    - role: sshd
     - role: comfortable-debian-system
     - role: unix_users
     - role: linkchecker
@@ -37,3 +38,8 @@
     smarthost_pass_name: pieni.net/smarthost_pass
 
     mail_hostname: pieni.net
+
+    sshd_version: 1
+    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key shell-shell.vm.liw.fi') }}"
+    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 shell-shell.vm.liw.fi') }}"
+    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"
-- 
cgit v1.2.1