From bdc040771577f5aa55cb1a15820ada852f8d1710 Mon Sep 17 00:00:00 2001
From: hogweed1
Date: Fri, 22 May 2026 01:31:22 +1000
Subject: [PATCH] ssh-certs hosts.
---
playbooks/ssh-certs/deploy-host-certs.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/playbooks/ssh-certs/deploy-host-certs.yml b/playbooks/ssh-certs/deploy-host-certs.yml
index 64acad7..8eedaa4 100644
--- a/playbooks/ssh-certs/deploy-host-certs.yml
+++ b/playbooks/ssh-certs/deploy-host-certs.yml
@@ -62,6 +62,20 @@
 marker: "# {mark} ANSIBLE MANAGED HOST CERTIFICATE BLOCK #"
 notify: Restart SSH
 
+ - name: Configure SSH HostKeys for Proxmox compatibility
+ blockinfile:
+ path: /etc/ssh/sshd_config # Или укажите путь к дроп-ину в sshd_config.d/, если используете их
+ block: |
+ # Coexistence with Proxmox internal clustering (Plain Keys fallback)
+ HostKey /etc/ssh/ssh_host_rsa_key
+ marker: "# {mark} ANSIBLE MANAGED HOST CERTIFICATE BLOCK #"
+ create: true
+ mode: '0600'
+ validate: /usr/sbin/sshd -t -f %s
+ when: "'proxmoxes' in group_names"
+ notify: Restart sshd
+
+
 - name: Очистка временных файлов на Ansible-машине
 delegate_to: localhost
 become: no
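Review bot: The new `blockinfile` task reuses the marker `# {mark} ANSIBLE MANAGED HOST CERTIFICATE BLOCK #` that the preceding task (visible in the context lines) already uses. If that task also writes to /etc/ssh/sshd_config (its `path` is outside the hunk), each task will replace the other's block: on `proxmoxes` hosts the host-certificate directives would be overwritten by the lone `HostKey` line, and the play would report a change on every run. Give this block its own marker, e.g. `marker: "# {mark} ANSIBLE MANAGED PROXMOX HOSTKEY BLOCK #"`. The task also notifies `Restart sshd` while the preceding task notifies `Restart SSH`; unless both handlers are defined, use `notify: Restart SSH` so the restart is actually triggered. Because an explicit `HostKey` directive replaces sshd's default key set, confirm that the other host key types (and the key the certificate was issued for) are still listed elsewhere in the file.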