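---
# Provision root's git configuration and GitHub SSH access on the VPS.

- name: Setup git config
  copy:
    src: .gitconfig
    dest: /root/.gitconfig
    owner: root
    mode: 'u=rw,g=,o='

# The copy tasks below do not create missing parent directories, so make
# sure /root/.ssh exists (owner-only) before writing into it.
- name: Ensure /root/.ssh exists
  file:
    path: /root/.ssh
    state: directory
    owner: root
    mode: 'u=rwx,g=,o='

# Make sure our VPS trusts the github.com host key: the output of
# ssh-keyscan is written to .ssh/known_hosts.
# NOTE(review): ssh-keyscan accepts whatever key the network returns at
# provisioning time (trust on first use). Compare the result against the
# fingerprints GitHub publishes, or ship a pinned known_hosts file instead.
# TODO: make idempotent
- name: Scan for SSH host keys
  # `command` does not run a shell, so a `2>/dev/null` redirection would be
  # handed to ssh-keyscan as an extra host name. stderr is registered
  # separately from stdout and is never written to known_hosts.
  command: ssh-keyscan github.com
  register: ssh_scan
  # Read-only probe: never report "changed".
  changed_when: false
  # An empty scan would be written out below and then kept for good because
  # of `force: false`, so fail the play instead.
  failed_when: ssh_scan.rc != 0 or ssh_scan.stdout_lines | length == 0

- name: Update known_hosts
  copy:
    # Double quotes are required so YAML turns \n into a real newline; the
    # trailing \n keeps the last entry newline-terminated.
    content: "{{ ssh_scan.stdout_lines | join('\n') }}\n"
    dest: /root/.ssh/known_hosts
    owner: root
    mode: 'u=rw,g=,o='
    # If we already have a known_hosts file, leave it alone.
    force: false

# This keypair is trusted under my GitHub account, so it allows my VPS to
# push to the main branch of my openpunk repository.
# (for my deadswitch: see static/blog/imdead.sh)
# NOTE(review): an account-level key gives the VPS the same reach as the
# account; a write-enabled deploy key scoped to the one repository would
# limit what a compromised VPS can touch.
# NOTE(review): presumably secrets/ is vault-encrypted or kept out of
# version control -- confirm.
- name: Install ssh priv key
  copy:
    src: secrets/id_ed25519
    dest: /root/.ssh/id_ed25519
    owner: root
    mode: 'u=rw,g=,o='
  # Keep key material out of task output and --diff logs.
  no_log: true

- name: Install ssh pub key
  copy:
    src: secrets/id_ed25519.pub
    dest: /root/.ssh/id_ed25519.pub
    owner: root
    mode: 'u=rw,g=r,o=r'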