authorLars Wirzenius <liw@liw.fi>2022-04-17 20:45:45 +0300
committerLars Wirzenius <liw@liw.fi>2022-04-17 20:45:45 +0300
commit753635789a75c2650453331ce10bfd3807fd20b9 (patch)
tree0bcd02cdfed5c09f6ab6adfd7e4b4b6d5996888a
parentd6febba2ce42f2d75f08f1d95750e648402b353e (diff)
downloadv-i-753635789a75c2650453331ce10bfd3807fd20b9.tar.gz
feat: install SSH host key and certificate, if requested
Sponsored-by: author
-rw-r--r--std.yml27
1 files changed, 26 insertions, 1 deletions
diff --git a/std.yml b/std.yml
index a35e87d..9a46c1c 100644
--- a/std.yml
+++ b/std.yml
@@ -44,9 +44,34 @@
- name: "configure sshd to accept CA for users"
when: user_ca_pubkey is defined
copy:
- content: TrustedUserCAKeys /etc/ssh/user_ca_keys
+ content: |
+ TrustedUserCAKeys /etc/ssh/user_ca_keys
dest: /etc/ssh/sshd_config.d/userca.conf
+ - name: "install host key"
+ when: host_key is defined
+ copy:
+ content: |
+ {{ host_key }}
+ dest: /etc/ssh/ssh_host_ed25519_key
+ mode: 0600
+
+ - name: "install host cert"
+ when: host_cert is defined
+ copy:
+ content: |
+ {{ host_cert }}
+ dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
+ mode: 0644
+
+ - name: "configue sshd to use host cert"
+ when: host_cert is defined
+ copy:
+ content: |
+ HostKey /etc/ssh/ssh_host_ed25519_key
+ HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+ dest: /etc/ssh/sshd_config.d/host_cert.conf
+
- name: "configure keyboard layout"
copy:
content: |
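Review bot: The "install host key" task writes a private key from `{{ host_key }}` through `copy` without `no_log: true`, so the key material can end up in Ansible's output or logs when the play runs verbosely or in diff mode; add `no_log: true` to that task. The "configue sshd to use host cert" task is gated only on `host_cert is defined` yet also emits a `HostKey` line, so a run that supplies a certificate but no `host_key` would pair the certificate with whatever key already sits at that path (presumably an unrelated generated one); `when: host_key is defined and host_cert is defined` keeps the two in step. Quoting the modes (`mode: "0600"`, `mode: "0644"`) and setting `owner: root` and `group: root` on the key file would make its permissions independent of YAML octal parsing and of the connecting user. The task list starts before this hunk and continues after it, so any later handling of these files is not visible here.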