From 2d39618a6f8900219e909898d69a08301ec9b53a Mon Sep 17 00:00:00 2001
From: hogweed1 <simple.not1759@gmail.com>
Date: Thu, 21 May 2026 02:26:42 +1000
Subject: [PATCH] ssh-certs hosts.

---
 playbooks/ssh-certs/deploy-host-certs.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/playbooks/ssh-certs/deploy-host-certs.yml b/playbooks/ssh-certs/deploy-host-certs.yml
index 09efa94..a6dcf23 100644
--- a/playbooks/ssh-certs/deploy-host-certs.yml
+++ b/playbooks/ssh-certs/deploy-host-certs.yml
@@ -13,7 +13,15 @@
       file:
         path: "/tmp/ssh_host_certs/{{ inventory_hostname }}"
         state: directory
-        mode: '0700'
+        mode: '0755'
+
+    - name: Локальная генерация временной пары ключей на Ansible-машине
+      delegate_to: localhost
+      become: no
+      openssh_keypair:
+        path: "/tmp/ssh_host_certs/{{ inventory_hostname }}/ssh_host_ed25519_key"
+        type: ed25519
+        state: present
 
     - name: Удаленный выпуск Хост-сертификата силами step-ca
       delegate_to: localhost