From 29bd9b38222d81bc563a565dafec19e8d80281e9 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 26 Apr 2023 19:26:11 +0200
Subject: [PATCH] init
---
defaults/main.yml | 5 +++++
meta/main.yml | 18 ++++++++++++++++++
tasks/main.yml | 6 ++++++
3 files changed, 29 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..afcb46f
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+ssh_ca_known_hosts:
+ - domain: '*.dmz'
+ key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ'
+ - domain: '*.hyp'
+ key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb Host Certficate Authority for HYP'
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..e991b2d
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,18 @@
+galaxy_info:
+ role_name: ssh_ca_known_hosts
+ author: Pim Kunis
+ description: Add SSH certificate authorities to system-wide known hosts file.
+
+ issue_tracker_url: https://git.pim.kunis.nl/pim/ansible-role-ssh-ca-known-hosts/issues
+
+ license: GPLv3
+
+ min_ansible_version: 1.2
+
+ platforms:
+ - name: Debian
+ versions:
+ - bookworm
+
+ galaxy_tags:
+ - ssh
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6fdaf05
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: Add SSH CA to known hosts
+ known_hosts:
+ key: '@cert-authority {{ item.domain }} {{ item.key }}'
+ name: '@cert-authority {{ item.domain }}'
+ path: /etc/ssh/ssh_known_hosts
+ loop: '{{ ssh_ca_known_hosts }}'
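Review bot: defaults/main.yml ships two site-specific host CA keys as role defaults, so any play that includes the role without overriding `ssh_ca_known_hosts` makes the target trust those CAs for every name matching `*.dmz` and `*.hyp`. Defaulting to `ssh_ca_known_hosts: []` and supplying the keys from inventory would make that trust decision explicit per environment. If the defaults stay, a comment above the list such as `# Host CA public keys (not secrets); check each with ssh-keygen -lf against the CA's recorded fingerprint before changing` would tell a maintainer how to validate an edit. The key comment is spelled `Certficate` in both entries and is written verbatim into the known hosts file.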
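Review bot: In meta/main.yml, `min_ansible_version: 1.2` is an unquoted scalar that YAML parses as a float, and the value is lower than what the role needs, because tasks/main.yml uses `loop:`, which was introduced in Ansible 2.5. Suggest `min_ansible_version: '2.5'` (quoted, so a later value like `2.10` is not read as `2.1`). The `license: GPLv3` value would be clearer as an SPDX identifier, for example `GPL-3.0-only` or `GPL-3.0-or-later`, whichever the author intends.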
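Review bot: The task in tasks/main.yml only ever adds `@cert-authority` entries to `/etc/ssh/ssh_known_hosts`, so a CA that is later removed from `ssh_ca_known_hosts` stays trusted on every host where the role has already run. Consider a per-item state, `state: "{{ item.state | default('present') }}"`, so that a retired or compromised CA can be listed with `state: absent`; it is worth testing that removal, and replacement of a rotated key for the same pattern, work when `name` carries the marker. The `name` value repeats `@cert-authority` instead of giving a plain host pattern, presumably to satisfy the module's name/key matching, and deserves a one-line comment saying so. The module would also be better referenced by its fully qualified name, `ansible.builtin.known_hosts:`.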