From 806bab77201c0ba2c056609f13a6079f59456169 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 23 Jan 2023 18:08:16 +0100
Subject: [PATCH] Fedora 38 has no longer non-standard hostkey permissions

The Fedora commit introducing this change (now in Rawhide/Fedora 38 only): https://src.fedoraproject.org/rpms/openssh/c/7a21555354a2c5e724aa4c287b640c24bf108780

Signed-off-by: Jakub Jelen
---
 vars/Fedora.yml | 2 --
 vars/Fedora_36.yml | 1 +
 vars/Fedora_37.yml | 27 +++++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 120000 vars/Fedora_36.yml
 create mode 100644 vars/Fedora_37.yml

diff --git a/vars/Fedora.yml b/vars/Fedora.yml
index 5dbad3e..fa5b693 100644
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@@ -20,8 +20,6 @@ __sshd_verify_hostkeys_default:
 - /etc/ssh/ssh_host_ed25519_key
 __sshd_hostkeys_nofips:
 - /etc/ssh/ssh_host_ed25519_key
-__sshd_hostkey_group: ssh_keys
-__sshd_hostkey_mode: "0640"
 
 __sshd_drop_in_dir_mode: '0700'
 __sshd_main_config_file: /etc/ssh/sshd_config
diff --git a/vars/Fedora_36.yml b/vars/Fedora_36.yml
new file mode 120000
index 0000000..d21e4ae
--- /dev/null
+++ b/vars/Fedora_36.yml
@@ -0,0 +1 @@
+Fedora_37.yml
\ No newline at end of file
diff --git a/vars/Fedora_37.yml b/vars/Fedora_37.yml
new file mode 100644
index 0000000..5dbad3e
--- /dev/null
+++ b/vars/Fedora_37.yml
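Review bot: Only Fedora 36 (through this symlink) and Fedora 37 keep `__sshd_hostkey_group: ssh_keys` and `__sshd_hostkey_mode: "0640"`, so a host on any older release would presumably fall through to vars/Fedora.yml, which no longer sets them. The commit message says the packaging change is in Rawhide/Fedora 38 only, so on such a host the role and the openssh package would disagree about host key group and mode; what the role applies instead is not visible in this patch. If releases before 36 are intentionally unsupported, stating that in the commit message or the role's documentation would make the cut-off explicit.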
@@ -0,0 +1,27 @@
+---
+__sshd_os_supported: yes
+
+__sshd_packages:
+ - openssh
+ - openssh-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+# Fedora 32 ships with drop-in directory support so we touch
+# just included file with highest priority by default
+__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+# the defaults here represent the defaults shipped in the main sshd_config
+__sshd_defaults:
+ Include: /etc/ssh/sshd_config.d/*.conf
+ AuthorizedKeysFile: .ssh/authorized_keys
+ Subsystem: sftp /usr/libexec/sftp-server
+
+__sshd_verify_hostkeys_default:
+ - /etc/ssh/ssh_host_rsa_key
+ - /etc/ssh/ssh_host_ecdsa_key
+ - /etc/ssh/ssh_host_ed25519_key
+__sshd_hostkeys_nofips:
+ - /etc/ssh/ssh_host_ed25519_key
+__sshd_hostkey_group: ssh_keys
+__sshd_hostkey_mode: "0640"
+
+__sshd_drop_in_dir_mode: '0700'
+__sshd_main_config_file: /etc/ssh/sshd_config
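Review bot: `__sshd_hostkey_group: ssh_keys` and `__sshd_hostkey_mode: "0640"` leave the private host keys group-readable, and nothing in the new vars/Fedora_37.yml says why; the reason lives only in the commit message. A comment above the two lines would keep the exception from being copied forward to newer releases, for example `# Fedora <= 37 packaging: host keys are group ssh_keys, mode 0640 (dropped in Fedora 38)`. The file is otherwise a full copy of the old vars/Fedora.yml (same blob 5dbad3e), so later changes to the shared Fedora defaults will have to be mirrored here by hand; if the role layers its vars files, which this patch does not show, the file could carry only the two hostkey variables. Separately, `__sshd_sftp_server` points at /usr/libexec/openssh/sftp-server while the `Subsystem` default names /usr/libexec/sftp-server; this is carried over unchanged, but it is worth confirming which path is intended.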