From 6d86369e9a9c3a0b136766efa3283288e2f90760 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Wed, 3 Aug 2022 09:59:27 +0300
Subject: stamina: set host key and cert and user CA

Sponsored-by: author
---
 ansible/stamina.yml | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ansible/stamina.yml')

diff --git a/ansible/stamina.yml b/ansible/stamina.yml
index 024ad39..44ebde9 100644
--- a/ansible/stamina.yml
+++ b/ansible/stamina.yml
@@ -2,6 +2,7 @@
   remote_user: root
   roles:
     - sane_debian_system
+    - sshd
     - ssd
     - comfortable-debian-system
     - self-updating-system
@@ -173,3 +174,8 @@
     smarthost: pieni.net
     smarthost_user: pienirelay
     smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
+
+    sshd_version: 1
+    sshd_host_key: "{{ lookup('pipe', 'pass ssh/host/stamina') }}"
+    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v3 stamina') }}"
+    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"
-- 
cgit v1.2.1