dotfiles/roles/ssh_server/tasks/trusted_ca.yml

18 lines
472 B
YAML
Raw Permalink Normal View History

---
- name: Fetch the public key from the HashiCorp Vault
ansible.builtin.get_url:
url: https://{{ hashicorp_vault_address }}/v1/ssh/public_key
dest: /etc/ssh/sshd_config.d/trusted-user-ca-keys.pem
mode: 0600
owner: root
group: root
- name: Add config for trusted user CA keys
ansible.builtin.copy:
src: files/10-ca.conf
dest: /etc/ssh/sshd_config.d/10-ca.conf
mode: 0600
owner: root
group: root
notify: "Restart SSH server"