From c40639337c4d78b7114cec63e256457905682cd6 Mon Sep 17 00:00:00 2001
From: Jan Philipp Timme <jan.philipp@timme.it>
Date: Mon, 3 May 2021 13:01:35 +0200
Subject: [PATCH] Add oneshot states to prepare freshly cloned machines

---
 hshbase/oneshot/README                       |  2 ++
 hshbase/oneshot/after-clone-prep.sls         |  4 ++++
 hshbase/oneshot/clear-systemd-machine-id.sls |  4 ++++
 hshbase/oneshot/renew-openssh-keys.sls       | 18 ++++++++++++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 hshbase/oneshot/README
 create mode 100644 hshbase/oneshot/after-clone-prep.sls
 create mode 100644 hshbase/oneshot/clear-systemd-machine-id.sls
 create mode 100644 hshbase/oneshot/renew-openssh-keys.sls

diff --git a/hshbase/oneshot/README b/hshbase/oneshot/README
new file mode 100644
index 0000000..1d3eb10
--- /dev/null
+++ b/hshbase/oneshot/README
@@ -0,0 +1,2 @@
+States in this directory are meant to be fired at a machine once if needed.
+Do NOT put them into your top.sls, or you will suffer.
diff --git a/hshbase/oneshot/after-clone-prep.sls b/hshbase/oneshot/after-clone-prep.sls
new file mode 100644
index 0000000..b3c80ae
--- /dev/null
+++ b/hshbase/oneshot/after-clone-prep.sls
@@ -0,0 +1,4 @@
+include:
+  - .clear-systemd-machine-id
+  - .renew-openssh-keys
+
diff --git a/hshbase/oneshot/clear-systemd-machine-id.sls b/hshbase/oneshot/clear-systemd-machine-id.sls
new file mode 100644
index 0000000..5988093
--- /dev/null
+++ b/hshbase/oneshot/clear-systemd-machine-id.sls
@@ -0,0 +1,4 @@
+/etc/machine-id:
+  file.managed:
+    - mode: 0444
+    - contents: ''
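Review bot: The `- mode: 0444` line in the `/etc/machine-id` state is an unquoted leading-zero scalar, which a YAML 1.1 loader reads as an octal integer rather than the mode string; quoting it as `- mode: '0444'` removes the ambiguity. A short comment above the state would also help, for example `# Empty the file so a fresh machine ID is generated on next boot; reboot before the clone goes into service`. Until that reboot the clone has no usable machine ID, and nothing in this hunk triggers a reboot or a regeneration. If the image keeps a separate regular-file copy of the ID elsewhere (on Debian-family systems possibly `/var/lib/dbus/machine-id`), that copy would still carry the template's value, which is worth checking on a test clone.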
diff --git a/hshbase/oneshot/renew-openssh-keys.sls b/hshbase/oneshot/renew-openssh-keys.sls
new file mode 100644
index 0000000..8299eb1
--- /dev/null
+++ b/hshbase/oneshot/renew-openssh-keys.sls
@@ -0,0 +1,18 @@
+hshbase_clear_old_ssh_host_keys:
+  cmd.run:
+    - name: 'bash -c "rm -v /etc/ssh/ssh_host_*key*'
+    - user: root
+
+hshbase_regenerate_ssh_host_keys:
+  cmd.run:
+    - name: 'dpkg-reconfigure openssh-server'
+    - user: root
+    - require:
+      - cmd: hshbase_clear_old_ssh_host_keys
+
+hshbase_restart_sshd:
+  cmd.run:
+    - name: 'systemctl restart ssh'
+    - user: root
+    - require:
+      - cmd: hshbase_regenerate_ssh_host_keys
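Review bot: The command in `hshbase_clear_old_ssh_host_keys` opens a double quote after `bash -c` that is never closed, so the shell will most likely reject it with a syntax error. Because `hshbase_regenerate_ssh_host_keys` and `hshbase_restart_sshd` both sit behind `require`, a failure there stops the chain and the clone keeps the template's host keys, which every other clone shares. Closing the quote and tolerating a rerun where the keys are already gone would look like `- name: 'bash -c "rm -fv /etc/ssh/ssh_host_*key*"'`. Separately, `user: root` on `cmd.run` was, as far as I recall, replaced by `runas` in newer Salt releases, so confirm it is still accepted by the version in use or drop it if the minion already runs as root.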
-- 
GitLab