From a30dd26f001e27518cc0399182d88da26f2e6ddd Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Wed, 21 Sep 2022 17:24:23 +0300
Subject: atuin.liw.fi: set SSH host key and certificate
Sponsored-by: author
---
 ansible/atuin.liw.fi.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/ansible/atuin.liw.fi.yml b/ansible/atuin.liw.fi.yml
index cf0a223..46c78e8 100644
--- a/ansible/atuin.liw.fi.yml
+++ b/ansible/atuin.liw.fi.yml
@@ -2,6 +2,7 @@
 remote_user: root
 roles:
 - hetzner-network-bridge
+ - sshd
 - role: ferm-firewalled
 tags: [ferm]
 - sane_debian_system
@@ -76,6 +77,10 @@
 ferm_iface_ext: "{{ bridge_nic }}"
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key atuin.liw.fi') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 atuin.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
 - hosts: nalanda
 remote_user: root
@@ -95,6 +100,7 @@
 group: root
 mode: 0644
 roles:
+ - sshd
 - role: ferm-firewalled
 tags: [ferm]
 - sane_debian_system
@@ -201,6 +207,10 @@
 smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
 relayhost: pieni.net:587
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key nalanda.liw.fi') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 nalanda.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
 # - hosts: gregvm
 # remote_user: root
--
cgit v1.2.1
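Review bot: `sshd_host_key` carries the host's SSH private key as an ordinary play variable, so anything that prints variables or file content (`-vvv`, `--diff`, a `debug` task) would show it in the controller's output and logs. This applies to the atuin.liw.fi vars added in the `@@ -76,6 +77,10 @@` hunk and equally to the nalanda.liw.fi vars in the `@@ -201,6 +207,10 @@` hunk. The `sshd` role that consumes the variable is not part of this diff, so confirm that its task installing the key sets `no_log: true` and writes the file as root with `mode: "0600"`. A comment above the variable, such as `# private key material: never debug-print; the sshd role must install it with no_log`, would make that expectation explicit.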
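Review bot: The CA generation is spelled out literally in each lookup (`liw.fi/ca/host/v5`, `liw.fi/ca/user/v5`), here in the nalanda.liw.fi vars of the `@@ -201,6 +207,10 @@` hunk and again in the atuin.liw.fi vars earlier in the file. `sshd_user_ca_pub` decides which user CA the host trusts, so a play missed during a later rotation would presumably keep trusting the old CA without any error. Consider defining the CA names once and referencing them, for example `sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key ' ~ sshca_user_ca) }}"`, where `sshca_user_ca` is a suggested name for a shared variable, not an existing one. `sshd_version: 1` would also benefit from a one-line comment saying what the number selects, since its meaning lives in the role and cannot be read from this file.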