18 lines
460 B
YAML
18 lines
460 B
YAML
|
---
|
||
|
|
- name: Fetch the public key from the HashiCorp Vault
|
||
|
|
ansible.builtin.get_url:
|
||
|
|
url: https://hvault.mfocko.xyz/v1/ssh/public_key
|
||
|
|
dest: /etc/ssh/sshd_config.d/trusted-user-ca-keys.pem
|
||
|
|
mode: 0600
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
|
||
|
|
- name: Add config for trusted user CA keys
|
||
|
|
ansible.builtin.copy:
|
||
|
|
src: files/10-ca.conf
|
||
|
|
dest: /etc/ssh/sshd_config.d/10-ca.conf
|
||
|
|
mode: 0600
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
notify: "Restart SSH server"
|