Per Device SSH-Keys

ansible/tasks/create_ssh_keys.yaml

@@ -0,0 +1,25 @@
+# Onboarding: This playbook generates per-device ssh keys and places them in passage for later use.
+---
+- name: Generate SSH Keys
+  hosts: all
+  tasks:
+    - name: Check for ssh key present
+      shell: "passage machine/{{ inventory_hostname }}/ssh_key"
+      delegate_to: localhost
+      register: ssh_key
+      failed_when: false
+      changed_when: false
+    - name: Generate ssh_key
+      shell: "openssl genpkey -algorithm ed25519 | passage insert --multiline machine/{{ inventory_hostname }}/ssh_key"
+      delegate_to: localhost
+      when: ssh_key.rc != 0
+      register: new_ssh_key
+    - name: Add entry to secrets.yml
+      delegate_to: localhost
+      lineinfile:
+        state: present
+        path: ../secrets.yml
+        regexp: "^SSH_KEY_{{ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_') }}:"
+        line: "SSH_KEY_{{ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_') }}: !var:file machine/{{ inventory_hostname }}/ssh_key"
+
+# vim: ft=yaml.ansible

ansible/tasks/regenerate-known-hosts.yaml

@@ -0,0 +1,9 @@
+---
+- name: Generate known_hosts file
+  hosts: localhost
+  gather_facts: true
+  tasks:
+    - name: Run Keyscan
+      shell: "ssh-keyscan {{ groups['all'] | map('extract', hostvars, 'inventory_hostname') | list | join(' ') }} | sort >| ../known_hosts"
+
+