1 files changed, 23 insertions, 0 deletions
diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml
new file mode 100644
index 0000000..c38b80d
--- /dev/null
+++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
+---
+certs:
+  # Copy only these private keys and certs from ansible into the system
+  keyTypes:
+    - rsa2048
+    - prime256v1
+# requested can EITHER be:
+# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
+# - or, a mapping of, e.g.:
+#   - host: example1.com
+#     type: rsa2048
+#   - host: example1.com
+#     type: prime256v1
+  required:
+    - example1.com
+    - example2.com
+    - example3.com
+  # These users have ansible-controlled ssh private keys
+  # (mainly for automated backups right now)
+  sshKeysForUsers: []
+  #  - root

diff --git a/ansible/inventory/host_vars/webby/certs.yml b/ansible/inventory/host_vars/webby/certs.yml new file mode 100644 index 0000000..c38b80d --- /dev/null +++ b/ansible/inventory/host_vars/webby/certs.yml
@@ -0,0 +1,23 @@
	1	---
	2	certs:
	3	# Copy only these private keys and certs from ansible into the system
	4	keyTypes:
	5	- rsa2048
	6	- prime256v1
	7
	8	# requested can EITHER be:
	9	# - just a list of hostnames (then we depoly all 'keyTypes' for each hostname)
	10	# - or, a mapping of, e.g.:
	11	# - host: example1.com
	12	# type: rsa2048
	13	# - host: example1.com
	14	# type: prime256v1
	15	required:
	16	- example1.com
	17	- example2.com
	18	- example3.com
	19
	20	# These users have ansible-controlled ssh private keys
	21	# (mainly for automated backups right now)
	22	sshKeysForUsers: []
	23	# - root