From 753635789a75c2650453331ce10bfd3807fd20b9 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 17 Apr 2022 20:45:45 +0300
Subject: feat: install SSH host key and certificate, if requested
Sponsored-by: author
---
 std.yml | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/std.yml b/std.yml
index a35e87d..9a46c1c 100644
--- a/std.yml
+++ b/std.yml
@@ -44,9 +44,34 @@
 - name: "configure sshd to accept CA for users"
 when: user_ca_pubkey is defined
 copy:
- content: TrustedUserCAKeys /etc/ssh/user_ca_keys
+ content: |
+ TrustedUserCAKeys /etc/ssh/user_ca_keys
 dest: /etc/ssh/sshd_config.d/userca.conf
 
+ - name: "install host key"
+ when: host_key is defined
+ copy:
+ content: |
+ {{ host_key }}
+ dest: /etc/ssh/ssh_host_ed25519_key
+ mode: 0600
+
+ - name: "install host cert"
+ when: host_cert is defined
+ copy:
+ content: |
+ {{ host_cert }}
+ dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
+ mode: 0644
+
+ - name: "configue sshd to use host cert"
+ when: host_cert is defined
+ copy:
+ content: |
+ HostKey /etc/ssh/ssh_host_ed25519_key
+ HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+ dest: /etc/ssh/sshd_config.d/host_cert.conf
+
 - name: "configure keyboard layout"
 copy:
 content: |
--
cgit v1.2.1
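Review bot: The "install host key" task writes a private key through `copy` with `content:` but sets no `no_log: true`, so (assuming these are Ansible tasks) the key material can end up in run output, for instance when the play is run in diff mode; adding `no_log: true` to that task keeps it out of logs. The "configue sshd to use host cert" task is gated only on `host_cert is defined`, yet its `HostKey` line assumes the matching private key is installed; `when: host_key is defined and host_cert is defined` would avoid pointing sshd at a certificate that does not match the key on disk. Quoting the modes (`mode: "0600"`, `mode: "0644"`) removes the dependence on the YAML parser's octal handling, and the task name has a typo ("configue"). The task list continues outside the hunk, so whether sshd is restarted after these files are written is not visible here.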