From 50a7bd5e58291c239e8aaf41cb06df7583a9d45b Mon Sep 17 00:00:00 2001
From: Pavel Raiskup
Date: Wed, 23 Nov 2022 13:10:13 +0100
Subject: [PATCH] basessh: invent no_ed25519_key option

And re-configure copr-be-dev.
---
 inventory/group_vars/copr_all_instances_aws | 3 +++
 inventory/inventory | 2 +-
 roles/basessh/templates/sshd_config | 14 ++++++++++++--
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/inventory/group_vars/copr_all_instances_aws b/inventory/group_vars/copr_all_instances_aws
index a29b40c4d8..465aec1846 100644
--- a/inventory/group_vars/copr_all_instances_aws
+++ b/inventory/group_vars/copr_all_instances_aws
@@ -1,2 +1,5 @@
 # Put here configuration for all copr instances (production, devel, ...)
 ---
+
+# TODO: https://pagure.io/fedora-infrastructure/issue/11006
+no_ed25519_key = 1
diff --git a/inventory/inventory b/inventory/inventory
index c79ce450eb..bbd4a1c981 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -948,7 +948,7 @@ copr-dist-git.aws.fedoraproject.org
 copr-fe-dev.aws.fedoraproject.org birthday=yes
 
 [copr_back_dev_aws]
-copr-be-dev.aws.fedoraproject.org
+copr-be-dev.aws.fedoraproject.org birthday=yes
 #copr-be-dev-temp.aws.fedoraproject.org
 
 [copr_keygen_aws]
diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index bd6f809365..9f03284ede 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
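Review bot: The added `no_ed25519_key = 1` is INI-style syntax, but the `---` document marker right above it shows this group_vars file is YAML, where that line parses as a bare scalar string rather than a key/value mapping; Ansible will therefore either reject the vars file as non-mapping data or leave `no_ed25519_key` undefined, and the sshd template's `is defined` test will never fire. The line should read `no_ed25519_key: 1` (or `true`). Note also that, per the file's own header comment, this applies to every copr AWS instance, not only copr-be-dev as the commit message might suggest — worth a word in the TODO comment if that is intended.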
@@ -12,13 +12,23 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh. MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com {% endif %} +{% set ed25519_key=True %} + +{% if ansible_hostname.startswith(('pkgs01','pagure02')) %} +{% set ed25519_key=False %} +{% endif %} + +{% if no_ed25519_key is defined %} +{% set ed25519_key=False %} +{% endif %} + HostKey /etc/ssh/ssh_host_rsa_key -{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %} +{% if ed25519_key %} HostKey /etc/ssh/ssh_host_ed25519_key {% endif %} HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub -{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %} +{% if ed25519_key %} HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub {% endif %}
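Review bot: The new `{% if no_ed25519_key is defined %}` block tests only whether the variable exists, not its value, so an operator who sets `no_ed25519_key: false` (or `0`) in host_vars to re-enable the ed25519 host key on a single host still gets it removed, and the option cannot be used as a real toggle through Ansible's variable precedence. Test the value instead, e.g. `{% if no_ed25519_key | default(false) | bool %}`. Since the rendered sshd_config then serves only the RSA host key and certificate, clients that have the host's ed25519 key pinned in known_hosts may be prompted or warned about a changed key type on their next connection; a comment above the block such as `{# no_ed25519_key drops the ed25519 HostKey/HostCertificate entirely; see fedora-infrastructure#11006 #}` would record why that is acceptable here.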