variant: fcos
version: 1.4.0

storage:
  files:
  - path: /etc/containers/systemd/ssh-host-cert-sign@.container
    mode: 0644
    contents:
      local: ssh-host-cert-sign@.container

  - path: /etc/ssh/sshd_config.d/10-hostcertificate.conf
    mode: 0644
    contents:
      inline: |
        HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub
        HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
        HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub

  - path: /etc/sysconfig/ssh-host-cert-sign
    mode: 0644
    contents:
      inline: |
        SSHCA_SERVER=https://sshca.pyrocufflink.blue

  - path: /etc/systemd/system/ssh-host-certs-renew.timer
    mode: 0644
    contents:
      local: ssh-host-certs-renew.timer

  - path: /etc/systemd/system/ssh-host-certs-renew.target
    mode: 0644
    contents:
      local: ssh-host-certs-renew.target

  - path: /etc/systemd/system/ssh-host-certs.service
    mode: 0644
    contents:
      local: ssh-host-certs.service

systemd:
  units:
  - name: ssh-host-certs.service
    enabled: true
  - name: ssh-host-certs-renew.timer
    enabled: true