Initial commit

.gitignore

@@ -0,0 +1,3 @@
+.*.swp
+*~
+

README.md

@@ -0,0 +1,33 @@
+# ssh-hostkeys
+
+Depoly global available (Open)SSH host keys
+
+## Requirements
+
+- Set `ssh_hostkeys` variable as list of single-named(!) `known_hosts` entries
+
+## Role Variables
+
+Defaults:
+- `ssh_hostkeys`: `[]`
+- `ssh_hostkeys_file`: `/etc/ssh/ssh_known_hosts`
+
+## Dependencies
+
+- None
+
+## Example Playbook
+
+    - hosts: all
+      roles:
+        - role: ssh_hostkeys
+
+## License
+
+AGPL3.0-or-later
+
+## Author Information
+
+- Sven Velt <sven-ansiblerole@velt.biz>
+- https://git.velt.biz/
+

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+ssh_hostkeys: []
+ssh_hostkeys_file: /etc/ssh/ssh_known_hosts

meta/main.yml

@@ -0,0 +1,39 @@
+galaxy_info:
+  author: Sven Velt
+  description: Deploy global SSH known hosts
+  company: velt.biz
+  issue_tracker_url: https://git.velt.biz/Ansible/ssh-hostkeys/issues
+  license: AGPL-3.0-or-later
+  min_ansible_version: 2.1
+  platforms:
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+        - bullseye
+        - bookworm
+        - trixie
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+        - jammy
+        - noble
+    - name: Fedora
+      versions:
+        - 38
+        - 39
+        - 40
+        - 41
+    - name: EL
+      versions:
+        - 6
+        - 7
+        - 8
+        - 9
+
+  galaxy_tags:
+    - operations
+    - security
+
+dependencies: []

ssh-hostkeys.yml

@@ -0,0 +1,10 @@
+---
+- hosts: all
+
+  roles:
+    - role: ssh-hostkeys
+#     vars:
+#       ssh_hostkeys:
+#         - 'server1 ssh-ed25519 KEY'
+#         - 'server2:22 ssh-rsa KEY'
+

tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Sanity check
+  assert:
+    that:
+      - ssh_hostkeys|length > 0
+      - ansible_user_id == 'root'
+
+- name: Add global known hosts fingerprints for SSH
+  known_hosts:
+    path: '{{ ssh_hostkeys_file }}'
+    name: '{{ item.split(" ")[0] }}'
+    hash_host: false
+    key: '{{ item }}'
+  loop: '{{ ssh_hostkeys }}'