id_ed25519

roles/gitlab_runner/files/libvirt-executor

@@ -4,7 +4,7 @@ readonly libvirt_default_pool_path="/var/lib/libvirt/images"
 
 ssh() {
   command ssh \
-    -i "/etc/libvirt-executor/id_rsa" \
+    -i "/etc/libvirt-executor/id_ed25519" \
     -F /dev/null \
     -o ServerAliveCountMax=2 \
     -o ServerAliveInterval=15 \

roles/gitlab_runner/files/libvirt-executor-update-base-image

@@ -42,9 +42,8 @@ arch-chroot mnt pacman -Sy --noconfirm --needed archlinux-keyring
 arch-chroot mnt pacman -Syu --noconfirm --needed git git-lfs gitlab-runner
 sed -E 's/^#(IgnorePkg *=)/\1 linux/' -i mnt/etc/pacman.conf
 arch-chroot mnt userdel -r arch
-mkdir mnt/root/.ssh
-cp /etc/libvirt-executor/id_rsa.pub mnt/root/.ssh/authorized_keys
-chmod 600 mnt/root/.ssh/authorized_keys
+install -d -m0700 mnt/root/.ssh
+install -m0600 /etc/libvirt-executor/id_ed25519.pub mnt/root/.ssh/authorized_keys
 rm -f mnt/etc/machine-id
 
 cp -a mnt/boot/{initramfs-linux-fallback.img,initramfs-linux.img}

roles/gitlab_runner/tasks/main.yml

@@ -80,9 +80,9 @@
         - {src: libvirt-executor-update-base-image, dest: /usr/local/bin/, mode: 755}
 
     - name: create SSH keys for libvirt-executor
-      command: ssh-keygen -N "" -f /etc/libvirt-executor/id_rsa
+      command: ssh-keygen -N "" -f /etc/libvirt-executor/id_ed25519 -t ed25519
       args:
-        creates: /etc/libvirt-executor/id_rsa
+        creates: /etc/libvirt-executor/id_ed25519
 
     - name: install libvirt-executor-update-base-image.{service,timer}
       copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644