46 lines
1.1 KiB
YAML
46 lines
1.1 KiB
YAML
variant: fcos
|
|
version: 1.4.0
|
|
|
|
storage:
|
|
files:
|
|
- path: /etc/containers/systemd/ssh-host-cert-sign@.container
|
|
mode: 0644
|
|
contents:
|
|
local: ssh-host-cert-sign@.container
|
|
|
|
- path: /etc/ssh/sshd_config.d/10-hostcertificate.conf
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub
|
|
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
|
|
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
|
|
|
|
- path: /etc/sysconfig/ssh-host-cert-sign
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
SSHCA_SERVER=https://sshca.pyrocufflink.blue
|
|
|
|
- path: /etc/systemd/system/ssh-host-certs-renew.timer
|
|
mode: 0644
|
|
contents:
|
|
local: ssh-host-certs-renew.timer
|
|
|
|
- path: /etc/systemd/system/ssh-host-certs-renew.target
|
|
mode: 0644
|
|
contents:
|
|
local: ssh-host-certs-renew.target
|
|
|
|
- path: /etc/systemd/system/ssh-host-certs.service
|
|
mode: 0644
|
|
contents:
|
|
local: ssh-host-certs.service
|
|
|
|
systemd:
|
|
units:
|
|
- name: ssh-host-certs.service
|
|
enabled: true
|
|
- name: ssh-host-certs-renew.timer
|
|
enabled: true
|