From 69765030979d5d9db9746dbc2491ac737a25e656 Mon Sep 17 00:00:00 2001
From: Tobias Manske
Date: Thu, 14 Sep 2023 14:54:09 +0200
Subject: [PATCH] fixup! Per Device SSH-Keys
---
 ansible/plays/common.yaml | 9 +++------
 ansible/tasks/create_ssh_keys.yaml | 3 ++-
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/ansible/plays/common.yaml b/ansible/plays/common.yaml
index e179ecc..91ed0d2 100644
--- a/ansible/plays/common.yaml
+++ b/ansible/plays/common.yaml
@@ -18,18 +18,15 @@
 become: false
 changed_when: false
 register: pubkey
- community.crypto.openssl_publickey:
- format: OpenSSH
- path: "/tmp/{{ inventory_hostname }}.pub"
- privatekey_path: "{{ ansible_ssh_private_key_file }}"
- return_content: true
+ ansible.builtin.command:
+ cmd: "ssh-keygen -y -f {{ ansible_ssh_private_key_file }}"
 - name: Deploy Machine SSH-Key
 ansible.posix.authorized_key:
 user: "{{ ansible_user }}"
 state: present
 manage_dir: false
 path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
- key: "{{ pubkey.publickey }} drone-machine-deploy"
+ key: "{{ pubkey.stdout }}"
 - name: Deploy Common SSH-Keys
 ansible.posix.authorized_key:
 user: "{{ ansible_user }}"
diff --git a/ansible/tasks/create_ssh_keys.yaml b/ansible/tasks/create_ssh_keys.yaml
index d8d8187..0ffef5a 100644
--- a/ansible/tasks/create_ssh_keys.yaml
+++ b/ansible/tasks/create_ssh_keys.yaml
@@ -2,6 +2,7 @@
 ---
 - name: Generate SSH Keys
 hosts: all
+ serial: 1
 tasks:
 - name: Check for ssh key present
 shell: "passage machine/{{ inventory_hostname }}/ssh_key"
@@ -10,7 +11,7 @@
 failed_when: false
 changed_when: false
 - name: Generate ssh_key
- shell: "openssl genpkey -algorithm ed25519 | passage insert --multiline machine/{{ inventory_hostname }}/ssh_key"
+ shell: "( exec 3>&1 ; ssh-keygen -qt ed25519 -f /proc/self/fd/3 <</dev/null 2>&1 ) | passage insert --multiline machine/{{ inventory_hostname }}/ssh_key"
 delegate_to: localhost
 when: ssh_key.rc != 0
 register: new_ssh_key
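Review bot: In `ansible/plays/common.yaml`, the new `key: "{{ pubkey.stdout }}"` drops the fixed `drone-machine-deploy` label, so the entry written to `/etc/ssh/authorized_keys/{{ ansible_user }}` carries only whatever comment `ssh-keygen -y` happens to print. That makes the machine key harder to tell apart from the common keys during audit or revocation; `key: "{{ pubkey.stdout.split()[:2] | join(' ') }} drone-machine-deploy"` keeps a stable label. The added `cmd` string also interpolates `ansible_ssh_private_key_file` unquoted, so a path containing whitespace would be split into several arguments; the list form `argv: ["ssh-keygen", "-y", "-f", "{{ ansible_ssh_private_key_file }}"]` avoids that. The task starts above the hunk, so whether it is delegated to the control node cannot be seen here.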
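Review bot: In the second hunk of `ansible/tasks/create_ssh_keys.yaml`, nothing in the new `shell` line checks that a usable key actually reached `passage`. The pipeline's status is that of `passage insert`, so an empty or truncated `ssh-keygen` output is still stored, and because the earlier check only tests `ssh_key.rc`, later runs would skip generation and keep the bad secret. A follow-up task that parses the stored value, something like `passage machine/{{ inventory_hostname }}/ssh_key | ssh-keygen -y -f /dev/stdin` with default failure handling, would catch this before the key is deployed. The command also passes no `-C`, so the key comment defaults to the control node's `user@host`; `-C drone-machine-deploy` would keep that out of the key material. The redirection before `2>&1` looks as if it lost characters in this rendering and is not assessed here, and the task may continue past the hunk.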