Move ssh_known_hosts generation to own role

roles/ssh_known_hosts/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: create ssh known_hosts
+  template:
+    dest: /etc/ssh/ssh_known_hosts
+    src: ssh_known_hosts.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"

roles/ssh_known_hosts/templates/ssh_known_hosts.j2

@@ -0,0 +1,5 @@
+{% for host, vars in hostvars|dictsort %}
+{%   if vars["ansible_ssh_host_key_ed25519_public"] is defined %}
+{{ host }} ssh-ed25519 {{ vars["ansible_ssh_host_key_ed25519_public"] }}
+{%   endif %}
+{% endfor %}