authorEmil Renner Berthing <esmil@labitat.dk>2018-09-26 15:18:26 +0200
committerEmil Renner Berthing <esmil@labitat.dk>2018-09-30 19:39:54 +0200
commit125d5a727d78863d8f9c2f5906425e0b1eb26651 (patch)
tree8bd784f877aaea45344095e8e20af686355899ab
parent8e5916ac7ef161432abedd8c6948a8db2b5c8169 (diff)
space_server: sshd: keep host keys in secrets.yml
-rw-r--r--roles/space_server/tasks/sshd.yml24
-rw-r--r--space.yml3
2 files changed, 25 insertions, 2 deletions
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
index aaf6452..63f3367 100644
--- a/roles/space_server/tasks/sshd.yml
+++ b/roles/space_server/tasks/sshd.yml
@@ -6,6 +6,30 @@
tags:
- packages
+- name: Create private host keys
+ copy:
+ dest: '/etc/ssh/{{ item.key }}'
+ content: '{{ item.value.private }}'
+ owner: root
+ group: ssh_keys
+ mode: 0640
+ with_dict: '{{ ssh_host_keys }}'
+ loop_control:
+ label: '/etc/ssh/{{ item.key }}'
+ when: ssh_host_keys is defined
+
+- name: Create public host keys
+ copy:
+ dest: '/etc/ssh/{{ item.key }}.pub'
+ content: '{{ item.value.public }}'
+ owner: root
+ group: root
+ mode: 0644
+ with_dict: '{{ ssh_host_keys }}'
+ loop_control:
+ label: '/etc/ssh/{{ item.key }}.pub'
+ when: ssh_host_keys is defined
+
- name: Configure sshd
lineinfile:
path: '/etc/ssh/sshd_config'
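Review bot: The new "Create private host keys" task writes secret key material through `copy:` with `content:` but does not suppress diff or result output, so a run with `--diff`, or a callback that records task results, may print the private keys to the terminal or to logs; `loop_control.label` only shortens the per-item label. Adding `no_log: true` (or at least `diff: false`) to that task would close this. Neither new task notifies a handler, so an already running sshd will presumably keep serving the old keys until it is restarted; consider a `notify:` if a restart handler exists outside this hunk. As a style point, quoting the modes (`mode: '0640'`, `mode: '0644'`) avoids depending on how the YAML parser reads a leading-zero integer. The tasks before and after the added ones continue outside the hunk.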
diff --git a/space.yml b/space.yml
index 90f12b6..2df78e5 100644
--- a/space.yml
+++ b/space.yml
@@ -12,8 +12,7 @@
- /etc/ansible/secrets.yml
- secrets.yml
skip: true
- tags:
- - radius
+ tags: always
roles:
- space_server
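Review bot: With `tags: always` the secrets lookup now runs on every invocation, and the relative `secrets.yml` fallback is one of the files that can supply `ssh_host_keys`, private keys included; nothing visible here says that file must be encrypted or kept out of the repository. I would add a comment above the file list such as `# secrets.yml holds private host keys: keep it ansible-vault encrypted and out of version control`. Because of `skip: true`, a missing or misplaced secrets file is silent and the host-key tasks in roles/space_server/tasks/sshd.yml are simply skipped, which is worth stating in the same comment. The block this hunk edits starts outside the hunk.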