# Butane config (Fedora CoreOS variant, spec 1.4.0) that sets a host up to
# present CA-signed SSH host certificates and to renew them on a timer.
variant: fcos
version: 1.4.0

ignition:
  config:
    merge:
      # Merged from a local Ignition file, resolved by Butane at build time.
      # Its contents are not shown here; presumably it configures the package
      # repository that provides the package listed below. Confirm that it
      # enforces signature checking, since that repo is the trust anchor for
      # the signing client.
      - local: dch-repo.ign

storage:
  files:
    # Package list entry. The consumer of /etc/ignition/packages.d is not
    # defined in this file; presumably an install step elsewhere reads it.
    # NOTE: mode is an integer written in octal. Keep it unquoted; it is not
    # a string field.
    - path: /etc/ignition/packages.d/sshca
      mode: 0644
      contents:
        inline: |
          sshca-cli-systemd

    # sshd drop-in: present a host certificate for each host key type.
    # The certificate files are not created by this config; they are expected
    # to be produced by the ssh-host-certs units linked below. Verify that
    # sshd_config actually includes sshd_config.d and that a matching HostKey
    # exists for each certificate.
    - path: /etc/ssh/sshd_config.d/10-hostcertificate.conf
      mode: 0644
      contents:
        inline: |
          HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub
          HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
          HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub

    # Environment file naming the SSH CA endpoint. It holds no credential, so
    # world-readable 0644 is appropriate. The https scheme means the signing
    # request relies on the client validating the server's TLS certificate;
    # how the host authenticates itself to the CA is not visible here.
    - path: /etc/sysconfig/ssh-host-cert-sign
      mode: 0644
      contents:
        inline: |
          SSHCA_SERVER=https://sshca.pyrocufflink.blue

  links:
    # Pull the certificate units in from after-install.target, which is not a
    # stock systemd target and is not defined in this file. The link targets
    # live under /usr/lib/systemd/system and are presumably shipped by the
    # package above, so the links dangle until that package is installed.
    - path: /etc/systemd/system/after-install.target.wants/ssh-host-certs.target
      target: /usr/lib/systemd/system/ssh-host-certs.target
    - path: /etc/systemd/system/after-install.target.wants/ssh-host-certs-renew.timer
      target: /usr/lib/systemd/system/ssh-host-certs-renew.timer

systemd:
  units:
    # Enable periodic renewal so host certificates are re-signed before they
    # expire; the renewal interval is set by the timer unit, not here.
    - name: ssh-host-certs-renew.timer
      enabled: true