From fa8ab1026ee131ab8d68808bd7ebab3c5657f5bb Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 24 Jan 2024 15:09:06 +0100
Subject: whawty/auth/store: fix permission handling and add know-hosts file

---
 roles/whawty/auth/store/tasks/sync-client.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'roles/whawty/auth/store/tasks')

diff --git a/roles/whawty/auth/store/tasks/sync-client.yml b/roles/whawty/auth/store/tasks/sync-client.yml
index 106e347b..92657312 100644
--- a/roles/whawty/auth/store/tasks/sync-client.yml
+++ b/roles/whawty/auth/store/tasks/sync-client.yml
@@ -24,7 +24,10 @@
     type: ed25519
     comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"
 
-## TODO: known-hosts file...
+- name: generate known_hosts file
+  shell: "ssh-keyscan{% if 'port' in whawty_auth_store.sync %} -p {{ whawty_auth_store.sync.port }}{% endif %} {{ whawty_auth_store.sync.hostname }} > /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"
+  args:
+    creates: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"
 
 - name: install systemd units for whawty-auth store sync client
   loop:
-- 
cgit v1.2.3