Diffstat (limited to 'roles')
-rw-r--r-- | roles/whawty/auth/store/tasks/sync-client.yml | 5 | ||||
-rw-r--r-- | roles/whawty/auth/store/templates/systemd.service.j2 | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/roles/whawty/auth/store/tasks/sync-client.yml b/roles/whawty/auth/store/tasks/sync-client.yml
index 106e347b..92657312 100644
--- a/roles/whawty/auth/store/tasks/sync-client.yml
+++ b/roles/whawty/auth/store/tasks/sync-client.yml
@@ -24,7 +24,10 @@
 type: ed25519
 comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"
-## TODO: known-hosts file...
+- name: generate known_hosts file
+ shell: "ssh-keyscan{% if 'port' in whawty_auth_store.sync %} -p {{ whawty_auth_store.sync.port }}{% endif %} {{ whawty_auth_store.sync.hostname }} > /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"
+ args:
+ creates: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"
 - name: install systemd units for whawty-auth store sync client
 loop:
diff --git a/roles/whawty/auth/store/templates/systemd.service.j2 b/roles/whawty/auth/store/templates/systemd.service.j2
index 1081df60..5b1db6b2 100644
--- a/roles/whawty/auth/store/templates/systemd.service.j2
+++ b/roles/whawty/auth/store/templates/systemd.service.j2
@@ -12,7 +12,7 @@ Description=sync for whawty-auth store {{ whawty_auth_store.name }}
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/rsync -rtpW --delete --delete-delay --delay-updates --partial-dir=.tmp{{ rsync_args | join('') }} -e 'ssh -F "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"' 'rsync://whawty-auth-server/store' '{{ whawty_auth_store.config.basedir }}'
+ExecStart=/usr/bin/rsync -rtW --delete --delete-delay --delay-updates --partial-dir=.tmp{{ rsync_args | join('') }} -e 'ssh -F "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"' 'rsync://whawty-auth-server/store' '{{ whawty_auth_store.config.basedir }}'
 TimeoutStartSec=40s
 # systemd hardening-options |
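Review bot: The known_hosts file added in this hunk is filled by running `ssh-keyscan` from the client itself, so whichever key answers on the network at provisioning time becomes the pinned identity of the sync server, and the later rsync-over-ssh pull of the auth store trusts it. The server's public host key is better carried in inventory and written out verbatim, for example with the `known_hosts` module and `key: "{{ whawty_auth_store.sync.host_key }}"` (that variable name is a placeholder, it is not defined on this page). Separately, the shell redirect creates the file even when the scan fails or returns nothing, and `creates:` then skips the task on every later run, leaving an empty known_hosts in place. If the scan is kept, write to a temporary file and move it into place only when it is non-empty.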
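Review bot: Dropping `-p` from the rsync flags on the new `ExecStart` line means newly transferred files in `{{ whawty_auth_store.config.basedir }}` get their mode from the service's umask instead of the server's permissions, and this store presumably holds credential hashes. The hardening options that follow `TimeoutStartSec` are outside the hunk, so whether a umask is already set cannot be seen here. If it is not, add `UMask=0077` to `[Service]` or pin modes with `--chmod=D0700,F0600` so the files never land world-readable. A one-line comment above `ExecStart` saying why permissions are no longer preserved would also help the next reader.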