basessh: invent no_ed25519_key option

And re-configure copr-be-dev.

inventory/group_vars/copr_all_instances_aws

@@ -1,2 +1,5 @@
 # Put here configuration for all copr instances (production, devel, ...)
 ---
+
+# TODO: https://pagure.io/fedora-infrastructure/issue/11006
+no_ed25519_key = 1

inventory/inventory

@@ -948,7 +948,7 @@ copr-dist-git.aws.fedoraproject.org
 copr-fe-dev.aws.fedoraproject.org birthday=yes
 
 [copr_back_dev_aws]
-copr-be-dev.aws.fedoraproject.org
+copr-be-dev.aws.fedoraproject.org birthday=yes
 #copr-be-dev-temp.aws.fedoraproject.org
 
 [copr_keygen_aws]

roles/basessh/templates/sshd_config

@@ -12,13 +12,23 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 {% endif %}
 
+{% set ed25519_key=True %}
+
+{% if ansible_hostname.startswith(('pkgs01','pagure02')) %}
+{%   set ed25519_key=False %}
+{% endif %}
+
+{% if no_ed25519_key is defined %}
+{%   set ed25519_key=False %}
+{% endif %}
+
 HostKey /etc/ssh/ssh_host_rsa_key
-{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
+{% if ed25519_key %}
 HostKey /etc/ssh/ssh_host_ed25519_key
 {% endif %}
 
 HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
-{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
+{% if ed25519_key %}
 HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
 {% endif %}