dotfiles/roles/system/sshd/tasks/trusted_ca.yml
2024-07-12 14:53:42 +02:00

17 lines
472 B
YAML

---
- name: Fetch the public key from the HashiCorp Vault
ansible.builtin.get_url:
url: https://{{ hashicorp_vault_address }}/v1/ssh/public_key
dest: /etc/ssh/sshd_config.d/trusted-user-ca-keys.pem
mode: 0600
owner: root
group: root
- name: Add config for trusted user CA keys
ansible.builtin.copy:
src: files/10-ca.conf
dest: /etc/ssh/sshd_config.d/10-ca.conf
mode: 0600
owner: root
group: root
notify: "Restart SSH server"