---
# vim: set expandtab tabstop=2 shiftwidth=2:
- name: create sshca-user
  user:
    name: '{{ssh_ca_user}}'
    comment: SSH-CA
    shell: /bin/sh
    createhome: yes
    home: '{{ssh_ca_home}}'
    move_home: no
    skeleton: no
- name: install ssh-ca
  copy:
    src: ssh-ca.rb
    dest: '{{ssh_ca_home}}/ssh-ca'
- name: base-dir
  file:
    path: '{{ssh_ca_base_dir}}'
    owner: '{{ssh_ca_user}}'
    mode: 0700
- name: CA
  openssh_keypair:
    path: '{{ssh_ca_base_dir}}/ca'
    type: ed25519
    owner: '{{ssh_ca_user}}'
    comment: '{{ssh_ca_name|mandatory}}'
    force: '{{ssh_ca_force_regeneration|default(false)}}'