P:puppet::server: generate SSH key for syncing data

We will need SSH keys to sync CA and other private data between Puppet
servers. Generate a dedicated SSH key for this that we can then deploy
to the other Puppet servers using PuppetDB exported resources.

Author: supertassu

modules/profile/manifests/puppet/server.pp

@@ -247,6 +247,8 @@
 
   include profile::ssh::ca
 
+  ssh::client::user_key { 'puppet-sync': }
+
   # Expose SSH keys so users can verify them
   file { '/srv/www':
     ensure => directory,

modules/ssh/manifests/client.pp

@@ -10,4 +10,11 @@
       mode    => '0444',
     }
   }
+
+  file { '/etc/ssh/local_keys.d':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0555',
+  }
 }

modules/ssh/manifests/client/user_key.pp

@@ -0,0 +1,29 @@
+# @summary Generates an SSH keypair in a way that the public part will
+#  be available as a fact for use elsewhere.
+define ssh::client::user_key (
+  String[1] $owner = 'root',
+  String[1] $group = 'root',
+) {
+  exec { "ssh-key-generate-${title}":
+    command => "/usr/bin/ssh-keygen -f /etc/ssh/local_keys.d/${title} -C '${title} ${facts['networking']['fqdn']}' -t ed25519",
+    creates => "/etc/ssh/local_keys.d/${title}",
+    user    => $owner,
+    group   => $group,
+  }
+
+  file { "/etc/ssh/local_keys.d/${title}":
+    ensure  => file,
+    owner   => $owner,
+    group   => $group,
+    mode    => '0400',
+    require => Exec["ssh-key-generate-${title}"],
+  }
+
+  file { "/etc/ssh/local_keys.d/${title}.pub":
+    ensure  => file,
+    owner   => $owner,
+    group   => $group,
+    mode    => '0444',
+    require => File["/etc/ssh/local_keys.d/${title}"],
+  }
+}