From 40e377052336a08dc7af97266ca12c0730b7f30e Mon Sep 17 00:00:00 2001
From: hogweed1 <simple.not1759@gmail.com>
Date: Fri, 22 May 2026 02:24:39 +1000
Subject: [PATCH] ssh-certs hosts.

---
 playbooks/ssh-certs/deploy-host-certs.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/playbooks/ssh-certs/deploy-host-certs.yml b/playbooks/ssh-certs/deploy-host-certs.yml
index 155711b..18cf6c7 100644
--- a/playbooks/ssh-certs/deploy-host-certs.yml
+++ b/playbooks/ssh-certs/deploy-host-certs.yml
@@ -53,6 +53,14 @@
         group: root
         mode: '0640' # Сертификат может быть 0640
 
+    - name: Add SSH Host CA to global known_hosts
+      known_hosts:
+        path: /etc/ssh/ssh_known_hosts
+        name: "*.guaranteedstruggle.host"
+        key: "@cert-authority *.guaranteedstruggle.host,192.168.0.* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBFlDSADidBfwn3aDJiZM6Yg14bTjDTY6FxNsnBmT2B"
+        state: present
+      become: true 
+
     - name: Configure SSH HostKeys for Proxmox compatibility
       blockinfile:
         path: /etc/ssh/sshd_config  # Или укажите путь к дроп-ину в sshd_config.d/, если используете их