path: root/rotate-ssh-keys.sh
author: EuAndreh <eu@euandre.org> 2019-06-05 16:38:53 -0300
committer: EuAndreh <eu@euandre.org> 2019-06-05 16:42:06 -0300
commit: 54fd61c887f266f8e2e6b1419a86fc6681116069 (patch)
tree: 74a9923d75be46dad6c967acd271cdb5d80fca45 /rotate-ssh-keys.sh
parent: Use =nix build= instead of =nix-build= (diff)
download: toph-54fd61c887f266f8e2e6b1419a86fc6681116069.tar.gz
          toph-54fd61c887f266f8e2e6b1419a86fc6681116069.tar.xz
Use Ansible instead of Bash for provisioning
The deployment is not quite working, and I'm unable to test right now: DigitalOcean is returning 503 for my requests.

As of this commit, I can run =ansible-playbook provider.yml= more than once and it will actually be idempotent.

Notes:
- SSH fingerprints are now taken from the public key file instead of manually supplying it in the terraform template using the =digitalocean_ssh_key= resource;
- use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets created by Terraform;
- use the =filename.env.extension= to create the concrete files in CI;
- use the =user_data= to add the known SSH key pair to the newly created Droplet;
- add =rotate-ssh-keys.sh= utils;
Diffstat (limited to 'rotate-ssh-keys.sh')
-rwxr-xr-x  rotate-ssh-keys.sh  | 28
1 files changed, 28 insertions, 0 deletions
diff --git a/rotate-ssh-keys.sh b/rotate-ssh-keys.sh
new file mode 100755
index 0000000..2e3f1fb
--- /dev/null
+++ b/rotate-ssh-keys.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+rm -f ./secrets/ssh/*
+ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-client
+ssh-keygen -t rsa -b 4096 -q -N '' -f ./secrets/ssh/vps-box-server
+PUBLIC_KEY="$(awk '{print $2}' < ./secrets/ssh/vps-box-server.pub)"
+echo "${TLD},${PINNED_IP} ssh-rsa ${PUBLIC_KEY}" > ./secrets/ssh/known-hosts.txt
+
+# git add ./secrets/ssh/
+# git commit -m "Script: rotate SSH keys"
+
+# rotate() {
+# # FIXME: add email address?
+# # FIXME: use 4096 instead of (default) 2048
+# ssh-keygen -t rsa \
+# -q \
+# -N '' \
+# -f "${1}"
+# }
+
+# rotate ./secrets/ssh/vps-box-client
+# rotate ./secrets/ssh/vps-box-server
+
+
+# FIXME:
+# Commit to repo the rotated files
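Review bot: `rm -f ./secrets/ssh/*` runs before either `ssh-keygen` call, so under `set -Eeuo pipefail` a failed key generation, or a missing `./secrets/ssh` directory, leaves the old key pairs deleted with nothing to replace them. Generate the new pairs into a temporary directory (for example from `mktemp -d`) and move them into place only after both `ssh-keygen` calls and the `known-hosts.txt` write succeed, and add `mkdir -p ./secrets/ssh` up front. Separately, `-N ''` produces unencrypted private keys, and the commented-out `git add ./secrets/ssh/` / `git commit -m "Script: rotate SSH keys"` lines plus the trailing `FIXME: Commit to repo the rotated files` suggest committing the whole directory; the private halves of `vps-box-client` and `vps-box-server` should stay out of version control (or be encrypted before commit), with only the `.pub` files and `known-hosts.txt` tracked. The commented `rotate()` block and its two FIXMEs duplicate the active `ssh-keygen -t rsa -b 4096` lines and should be removed rather than shipped as dead code.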