From 80c91ba8ad332dbcecdf8a328fd5ef8f5c03e322 Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Sun, 24 Nov 2024 15:24:53 -0700
Subject: [PATCH] Moving ssh hostkeys to openssh_keypair
---
 roles/base/tasks/core_hostname.yml | 53 ++++++++++++++++-------------
 1 file changed, 29 insertions(+), 24 deletions(-)
diff --git a/roles/base/tasks/core_hostname.yml b/roles/base/tasks/core_hostname.yml
index f5a7b5b..0b963bb 100644
--- a/roles/base/tasks/core_hostname.yml
+++ b/roles/base/tasks/core_hostname.yml
@@ -23,35 +23,40 @@ line: '127.0.1.1 {{ base_core_hostname }}' state: present - - name: Remove ssh certs + - name: Generate /etc/ssh/ RSA host key + openssh_keypair: + path: /etc/ssh/ssh_host_rsa_key + owner: root + state: present + type: rsa + regenerate: full_idempotence + force: yes + + - name: Generate /etc/ssh/ ECDSA host key + openssh_keypair: + path: /etc/ssh/ssh_host_rsa_key + owner: root + state: present + type: ecdsa + regenerate: full_idempotence + force: yes + + - name: Generate /etc/ssh/ ED25519 host key + openssh_keypair: + path: /etc/ssh/ssh_host_rsa_key + owner: root + state: present + type: ed25519 + regenerate: full_idempotence + force: yes + + - name: Remove /etc/ssh/ DSA host key file: state: absent path: "{{item}}" loop: - - /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - - - name: Generate /etc/ssh/ RSA host key - command : ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C "" -N "" - args: - creates: /etc/ssh/ssh_host_rsa_key - - - name: Generate /etc/ssh/ DSA host key - command : ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C "" -N "" - args: - creates: /etc/ssh/ssh_host_dsa_key - - - name: Generate /etc/ssh/ ECDSA host key - command : ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -C "" -N "" - args: - creates: /etc/ssh/ssh_host_ecdsa_key - - - name: Generate /etc/ssh/ ED25519 host key - command : ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C "" -N "" - args: - creates: /etc/ssh/ssh_host_ed25519_key + - /etc/ssh/ssh_host_dsa_key.pub when: hostname_change.changed - name: Flush handlers
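Review bot: All three new `openssh_keypair` tasks point at `path: /etc/ssh/ssh_host_rsa_key`, so the ECDSA and ED25519 tasks overwrite the RSA key in turn and the host ends up with a single ed25519 key stored under the RSA file name, while the real `/etc/ssh/ssh_host_ecdsa_key` and `/etc/ssh/ssh_host_ed25519_key` (which this hunk also stops deleting) keep whatever stale pre-hostname-change key they had; the fix is `path: /etc/ssh/ssh_host_ecdsa_key` in the ECDSA task and `path: /etc/ssh/ssh_host_ed25519_key` in the ED25519 task. With that corrected, `force: yes` next to `regenerate: full_idempotence` looks contradictory — if I read the module docs right, force overrides regenerate and the keypair is rewritten on every run of this block, so clients will see host-key changes on each hostname-change run rather than only when the key is actually missing or mismatched; dropping `force` and keeping `regenerate: full_idempotence` gives the intended one-time regeneration, and `yes` should be `true` in any case. sshd only reads host keys at start-up, so these tasks need a `notify` to an sshd restart handler before the `Flush handlers` task that follows, unless one exists outside the hunk; the enclosing block and its `when: hostname_change.changed` begin above this hunk.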