# Onboarding: This playbook generates per-device ssh keys and places them in passage for later use.
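---
# Play: for every inventory host, make sure a private key exists in passage
# at machine/<inventory_hostname>/ssh_key and that ../secrets.yml carries a
# matching SSH_KEY_<host> entry. Every task is delegated to localhost, so
# passage, openssl and secrets.yml are all used on the controller.
- name: Generate SSH Keys
  hosts: all
  tasks:
    # Probe for an existing entry; only the return code is consumed below.
    # The entry probed here is the one the next task fills with a private
    # key, and `register` stores the command's stdout, so no_log keeps the
    # result out of Ansible's output and logs.
    # NOTE(review): any non-zero rc (for example a decryption failure) is
    # treated as "key missing" -- confirm that `passage insert` cannot
    # overwrite an existing entry in that case.
    - name: Check for ssh key present
      shell: "passage {{ ('machine/' ~ inventory_hostname ~ '/ssh_key') | quote }}"
      delegate_to: localhost
      register: ssh_key
      failed_when: false
      changed_when: false
      no_log: true

    # Create an ed25519 private key and store it straight into passage; the
    # key is piped and never written to disk in plaintext by this task.
    # pipefail makes the task fail if openssl fails, instead of reporting
    # the exit status of passage alone and storing whatever little it read.
    # pipefail is not POSIX sh, hence the explicit bash executable.
    # The store path is shell-quoted because it embeds the inventory name.
    - name: Generate ssh_key
      shell: >-
        set -o pipefail &&
        openssl genpkey -algorithm ed25519 |
        passage insert --multiline
        {{ ('machine/' ~ inventory_hostname ~ '/ssh_key') | quote }}
      args:
        executable: /bin/bash
      delegate_to: localhost
      when: ssh_key.rc != 0
      register: new_ssh_key

    # Record a reference to the stored key (not the key itself) in
    # secrets.yml. The variable name is the inventory hostname with every
    # non-alphanumeric character replaced by "_".
    # throttle: 1 serialises this task across hosts: each host edits the
    # same controller-side file, and parallel forks could drop lines.
    - name: Add entry to secrets.yml
      delegate_to: localhost
      throttle: 1
      lineinfile:
        state: present
        path: ../secrets.yml
        regexp: "^SSH_KEY_{{ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_') }}:"
        line: "SSH_KEY_{{ inventory_hostname | mandatory | regex_replace('[^A-Za-z0-9]', '_') }}: !var:file machine/{{ inventory_hostname }}/ssh_key"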
# vim: ft=yaml.ansible