add dataserver's known host to homeserver

Makefile

@@ -32,6 +32,6 @@ borg:
 	ansible-playbook playbooks/borg.yml -i inventory/hosts.yml --ask-vault-pass
 
 dataserver:
-	ansible-playbook playbooks/dataserver.yml -i inventory/hosts.yml
+	ansible-playbook playbooks/dataserver.yml -i inventory/hosts.yml --ask-vault-pass
 
 .PHONY: run

inventory/group_vars/all.yml

@@ -1,2 +1,3 @@
-borg_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM root@max"
+borg_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM"
+dataserver_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D"
 backup_location: "/root/homeserver_backup"

roles/common/tasks/main.yml

@@ -23,3 +23,8 @@
     src: "{{ role_path }}/files/resolv.conf"
     dest: /etc/resolv.conf
     follow: true
+- name: Add dataserver to known hosts
+  known_hosts:
+    name: "lewis.lan"
+    key: "lewis.lan ssh-ed25519 {{ dataserver_public_key }}"
+    state: present

roles/dataserver/files/ssh_host_ed25519_key

@@ -0,0 +1,25 @@
+$ANSIBLE_VAULT;1.1;AES256
+38633038656332643033396338303864343332636434633331366266383235316235313236646361
+6634313931303637616535373966316165656564366437330a393465356237626631303063363061
+62323737343635316139636664663937333233323737376238656566633037613938383737306132
+6237633230623962320a643433323532646261366532346234653332323336653162366433626465
+31386461393535303730333865356364646137386634643630353831383039353763396536313439
+30333335623364306166346232303862633636633066323062313531363234396362653232316261
+36666132623030323332623334323632636639646239363032626364646334643461346662616366
+39656266643937663531656137353031353130366238326535383261333539353439353566313537
+38353632353039643530613766313033313063333331333733613939383731663262623766626266
+64363061306166353633333634363332633461346538316661666364626639366132356434343631
+61373432633863643237386435386633366161393934646562343261386335353638353033343932
+62393633366163613064393966663830646237613265396462376238396639363566363865303861
+36343666326632626166323430303137323236346137346131623636653236353061343633383437
+61396534636166353038626162376335363137636164616631646261366332303135306237356432
+61626261656332666536343039316333303431653931666233363366613166663266663130656633
+39316363326532653665626136393135373863383234326638303466353930653038303433643536
+30666237363230306634333162396562623034386232666465343631306433373764626634613635
+63343965623163356536626162613863373033396565366361353538323933656165653932653937
+34666538353139636366333765363733336134396566613134303530633666326165306131353535
+33653133663166333964326330366530643730363861626261666366383334613661303762636663
+34376531343732346630643466616638323537633665373333346162306361393836326533636630
+61656335306337643930613662613832626530653630343566643661356666313331316438366538
+37333166636639363838303665626137643731626338356662656338393335343239376635303633
+35663237653238313133

roles/dataserver/tasks/main.yml

@@ -1,3 +1,13 @@
+- name: Copy host public key
+  template:
+    src: "{{ role_path }}/templates/ssh_host_ed25519_key.pub.j2"
+    dest: "/etc/ssh/ssh_host_ed25519_key.pub"
+    mode: 0644
+- name: Copy host private key
+  copy:
+    src: "{{ role_path }}/files/ssh_host_ed25519_key"
+    dest: "/etc/ssh/ssh_host_ed25519_key"
+    mode: 0600
 - name: APT upgrade
   apt:
     autoremove: true
@@ -10,7 +20,7 @@
     name: borgbackup
 - name: Add Borg public key
   authorized_key:
-    key: "{{ borg_public_key }}"
+    key: "ssh-ed25519 {{ borg_public_key }} root@max"
     user: "{{ ansible_user_id }}"
 - name: Create Borg repository
   command:

roles/dataserver/templates/ssh_host_ed25519_key.pub.j2

@@ -0,0 +1 @@
+ssh-ed25519 {{ dataserver_public_key }} root@lewis