openpunk-ansible/roles/git/tasks/main.yml
CPunch e8fe024b77 roles/git: ssh known_hosts is now idempotent
- roles/git now uses blockinfile to ensure the github ssh keypairs are trusted, and to allow subsequent ssh keypairs to be trusted and not overwritten by future runs.
- this commit marks idempotency for all roles. after a successful run of this playbook, subsequent runs will result in a change=0 !!!!!
2023-01-19 20:50:30 -06:00

38 lines
962 B
YAML

---
- name: Setup git config
copy:
src: .gitconfig
dest: /root/.gitconfig
owner: root
mode: u=rw,g=,o=
# make sure our vps trusts the github.com key signature. we pipe the output
# of ssh-keyscan into .ssh/known_hosts
- name: Scan for SSH host keys
command: ssh-keyscan github.com 2>/dev/null
register: ssh_scan
changed_when: false
- name: Update .ssh/known_hosts
blockinfile:
path: /root/.ssh/known_hosts
block: "{{ ssh_scan.stdout_lines|join('\n') }}"
insertbefore: BOF
create: yes
owner: root
mode: u=rw,g=,o=
# this keypair is trusted under my github account, so it allows my vps to make pushes
# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)
- name: Install ssh priv key
copy:
src: secrets/id_ed25519
dest: /root/.ssh/id_ed25519
mode: u=rw,g=,o=
- name: Install ssh pub key
copy:
src: secrets/id_ed25519.pub
dest: /root/.ssh/id_ed25519.pub