web-logs: Fix logsync ssh keys

2021-09-26 13:24:47 +00:00 · 2021-09-26 13:24:47 +00:00 · 701a0c5309
commit 701a0c5309
parent 981ad490d4
1 changed files with 31 additions and 0 deletions
--- a/roles/web-logs/tasks/main.yml
+++ b/roles/web-logs/tasks/main.yml
@ -14,6 +14,36 @@
    shell: /sbin/nologin
    system: true

+- name: create logsync ssh key directory
+  file:
+    path: /etc/ssh/logsync
+    state: directory
+    mode: 0750
+    owner: root
+    group: logsync
+
+- name: create logsync ssh keys
+  command:
+    argv:
+      - ssh-keygen
+      - -t
+      - ed25519
+      - -C
+      - "logsync@{{ inventory_hostname }}"
+      - -f
+      - /etc/ssh/logsync/id_ed25519
+    creates: /etc/ssh/logsync/id_ed25519
+
+- name: fix logsync ssh key permissions
+  file:
+    path: "{{ item }}"
+    owner: root
+    group: logsync
+    mode: 0640
+  with_items:
+    - /etc/ssh/logsync/id_ed25519
+    - /etc/ssh/logsync/id_ed25519.pub
+
 - import_role:
    name: rclone
  vars:
@ -21,6 +51,7 @@
    remote_user: logsync
    hostgroup: webservers
    destination: /var/cache/sync-http-logs
+    private_key: /etc/ssh/logsync/id_ed25519

 - name: create data directories
  file: