From 701a0c53091f6ee36f1528a88151aef5948623ca Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 26 Sep 2021 13:24:47 +0000
Subject: [PATCH] web-logs: Fix logsync ssh keys

---
 roles/web-logs/tasks/main.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/roles/web-logs/tasks/main.yml b/roles/web-logs/tasks/main.yml
index 9108bd8..ac21766 100644
--- a/roles/web-logs/tasks/main.yml
+++ b/roles/web-logs/tasks/main.yml
@@ -14,6 +14,36 @@
 shell: /sbin/nologin
 system: true
 
+- name: create logsync ssh key directory
+ file:
+ path: /etc/ssh/logsync
+ state: directory
+ mode: 0750
+ owner: root
+ group: logsync
+
+- name: create logsync ssh keys
+ command:
+ argv:
+ - ssh-keygen
+ - -t
+ - ed25519
+ - -C
+ - "logsync@{{ inventory_hostname }}"
+ - -f
+ - /etc/ssh/logsync/id_ed25519
+ creates: /etc/ssh/logsync/id_ed25519
+
+- name: fix logsync ssh key permissions
+ file:
+ path: "{{ item }}"
+ owner: root
+ group: logsync
+ mode: 0640
+ with_items:
+ - /etc/ssh/logsync/id_ed25519
+ - /etc/ssh/logsync/id_ed25519.pub
+
 - import_role:
 name: rclone
 vars:
@@ -21,6 +51,7 @@
 remote_user: logsync
 hostgroup: webservers
 destination: /var/cache/sync-http-logs
+ private_key: /etc/ssh/logsync/id_ed25519
 
 - name: create data directories
 file:
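Review bot: In the `create logsync ssh keys` task, `ssh-keygen` is run without `-N`, so it will try to prompt for a passphrase; in a non-interactive Ansible run that most likely falls back to an empty passphrase, but the outcome depends on the tty/stdin the task is given. Adding `- -N` followed by `- ""` to the `argv` list would make the unencrypted key an explicit choice rather than a side effect. The next task then makes that private key group-readable (`mode: 0640`, `group: logsync`), so a short comment there such as `# root-owned so logsync can read but not replace its key` would record why the mode is wider than what ssh-keygen writes. That task also sets no `state`, so it will presumably fail if `id_ed25519.pub` is missing while the private key exists, since `creates:` only checks the private key.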