docs: document user_ca_pubkey

Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2022-04-08 18:26:13 +0300
committer: Lars Wirzenius <liw@liw.fi> 2022-04-08 18:26:13 +0300
commit: 58ccb4c08006d1cf2a3f349e592019d2d3e5deca (patch)
tree: 6287e57fd26eff578e1bff8dd03b84104a1d2a82
parent: 360011c903bcfa89c35bee1d8d0ec4b98b029ed8 (diff)
download: v-i-58ccb4c08006d1cf2a3f349e592019d2d3e5deca.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/README.md b/README.md
index 14a00fb..b9fd6db 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,8 @@ Explanation:
   - the `user_pub` variable contains an SSH public key that gets
     installed into the `root` user `authorized_keys` file on the
     installed system by the standard playbook
+  - the `user_ca_pubkey` variable contains public key for an SSH CA
+    whose user certificates are to be trusted
 
 With all this configuration in a file, which you can keep in git, you
 can install a base system repeatedly to a specific computer, and do it
diff --git a/tutorial.md b/tutorial.md
index e9bbee2..5e3d6ed 100644
--- a/tutorial.md
+++ b/tutorial.md
@@ -88,6 +88,8 @@ The steps:
     ansible_vars:
       user_pub: |
        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+      user_ca_pubkey: |
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdSnGI91exKItWsZi0XFVQWluS0FUdd12FLjuQk1FxG liw User CA v1
     extra_lvs:
       - name: vms
         size: 1T
author	Lars Wirzenius <liw@liw.fi>	2022-04-08 18:26:13 +0300
committer	Lars Wirzenius <liw@liw.fi>	2022-04-08 18:26:13 +0300
commit	58ccb4c08006d1cf2a3f349e592019d2d3e5deca (patch)
tree	6287e57fd26eff578e1bff8dd03b84104a1d2a82
parent	360011c903bcfa89c35bee1d8d0ec4b98b029ed8 (diff)
download	v-i-58ccb4c08006d1cf2a3f349e592019d2d3e5deca.tar.gz