infrastructure/ansible/tasks/create_ssh_keys.yaml
Tobias Manske 6976503097
fixup! Per Device SSH-Keys
2023-09-14 14:54:09 +02:00


# Onboarding: This playbook generates per-device ssh keys and places them in passage for later use.
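---
# Play: make sure every inventory host has an SSH private key stored in
# passage under machine/<inventory_hostname>/ssh_key, and that ../secrets.yml
# carries a matching SSH_KEY_<host> entry pointing at it.
# Every task is delegated to localhost.
- name: Generate SSH Keys
  hosts: all
  # One host at a time; presumably so the delegated tasks never touch
  # ../secrets.yml or the passage store concurrently.
  serial: 1
  tasks:
    # Existence probe: only the return code is used by the next task.
    # NOTE(review): any non-zero rc (store locked, decryption error, passage
    # missing) is treated the same as "no key yet" -- confirm that a
    # transient failure cannot lead to an existing key being replaced.
    - name: Check for ssh key present
      # argv form: the hostname is passed as one argument, no shell parsing.
      command:
        argv:
          - passage
          - "machine/{{ inventory_hostname }}/ssh_key"
      delegate_to: localhost
      register: ssh_key
      # On success stdout is the stored entry, i.e. the private key; keep it
      # out of verbose output, log files and callback plugins.
      no_log: true
      failed_when: false
      changed_when: false

    # Creates an ed25519 key without writing the private key to disk:
    # fd 3 is a duplicate of the subshell's stdout (the pipe into passage),
    # ssh-keygen writes the key file to /proc/self/fd/3, and its own
    # stdout/stderr are discarded. "<<<y" feeds "y" on stdin, presumably to
    # answer ssh-keygen's overwrite prompt.
    # NOTE(review): "<<<" is a bash-ism and /proc/self/fd is Linux-specific;
    # this relies on the controller's default shell accepting here-strings.
    # NOTE(review): the pipeline's status is that of passage, and ssh-keygen's
    # errors go to /dev/null, so a failed key generation may go unnoticed --
    # verify the stored entry is non-empty.
    # NOTE(review): the matching public key does not appear to be stored by
    # this command -- confirm it is derived elsewhere.
    - name: Generate ssh_key
      shell: >-
        ( exec 3>&1 ; ssh-keygen -qt ed25519 -f /proc/self/fd/3 <<<y >/dev/null 2>&1 )
        | passage insert --multiline {{ ('machine/' ~ inventory_hostname ~ '/ssh_key') | quote }}
      delegate_to: localhost
      when: ssh_key.rc != 0
      register: new_ssh_key

    # Runs for every host, whether or not a key was just generated.
    # The variable name is the hostname with every character outside
    # A-Za-z0-9 replaced by "_"; the anchored regexp makes lineinfile replace
    # an existing entry instead of appending a duplicate.
    # "!var:file" is written verbatim; presumably a custom tag resolved by
    # whatever loads secrets.yml, so the file holds a reference, not the key.
    - name: Add entry to secrets.yml
      delegate_to: localhost
      lineinfile:
        state: present
        path: ../secrets.yml
        regexp: "^SSH_KEY_{{ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_') }}:"
        line: "SSH_KEY_{{ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_') }}: !var:file machine/{{ inventory_hostname }}/ssh_key"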
# vim: ft=yaml.ansible