42 lines
857 B
YAML
42 lines
857 B
YAML
- name: ensure sshca-cli-systemd is installed
|
|
package:
|
|
name: sshca-cli-systemd
|
|
state: present
|
|
notify:
|
|
- restart ssh-host-certs.target
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure ssh-host-cert-sign is configured
|
|
template:
|
|
src: ssh-host-cert-sign.env.j2
|
|
dest: /etc/sysconfig/ssh-host-cert-sign
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,go=r
|
|
notify:
|
|
- restart ssh-host-certs.target
|
|
tags:
|
|
- config
|
|
|
|
- name: ensure ssh-host-certs-renew.timer is enabled
|
|
systemd:
|
|
name: ssh-host-certs-renew.timer
|
|
enabled: true
|
|
state: started
|
|
tags:
|
|
- service
|
|
|
|
- name: ensure sshd is configured to use host certificates
|
|
template:
|
|
src: hostcertificate.conf.j2
|
|
dest: /etc/ssh/sshd_config.d/10-hostcertificate.conf
|
|
mode: u=rw,go=r
|
|
owner: root
|
|
group: root
|
|
notify:
|
|
- reload sshd
|
|
tags:
|
|
- config
|
|
- sshd_config
|