variant: fcos
version: 1.4.0

ignition:
  config:
    merge:
    - local: dch-repo.ign

storage:
  files:
  - path: /etc/ignition/packages.d/sshca
    mode: 0644
    contents:
      inline: |
        sshca-cli-systemd

  - path: /etc/ssh/sshd_config.d/10-hostcertificate.conf
    mode: 0644
    contents:
      inline: |
        HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub
        HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
        HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub

  - path: /etc/sysconfig/ssh-host-cert-sign
    mode: 0644
    contents:
      inline: |
        SSHCA_SERVER=https://sshca.pyrocufflink.blue

  links:
  - path: /etc/systemd/system/after-install.target.wants/ssh-host-certs.target
    target: /usr/lib/systemd/system/ssh-host-certs.target
  - path: /etc/systemd/system/after-install.target.wants/ssh-host-certs-renew.timer
    target: /usr/lib/systemd/system/ssh-host-certs-renew.timer

systemd:
  units:
  - name: ssh-host-certs-renew.timer
    enabled: true