author | Emil Renner Berthing <esmil@labitat.dk> | 2020-02-27 14:44:24 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2020-02-27 17:45:04 +0100 |
commit | d26fe55aa9de5f0eb51152c22d12ff28a9c488d4 (patch) | |
tree | 04501e2a33ec62cd07e4e55efd1a4ab411abc578 | |
parent | 4115d711842ea235966868a325f5d42ee428db14 (diff) | |
space_server: use common secrets.yml in ansible root
...and generalize the sshd tasks and move them to the fedora role.
-rw-r--r-- | roles/debian/tasks/sshd.yml | 8 | ||||
-rw-r--r-- | roles/fedora/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/fedora/tasks/sshd.yml (renamed from roles/space_server/tasks/sshd.yml) | 17 | ||||
-rwxr-xr-x | roles/space_server/bootstrap.sh | 5 | ||||
-rw-r--r-- | roles/space_server/tasks/main.yml | 2 | ||||
-rw-r--r-- | space.yml | 5 |
6 files changed, 14 insertions, 25 deletions
diff --git a/roles/debian/tasks/sshd.yml b/roles/debian/tasks/sshd.yml
index 4c257fe..c342604 100644
--- a/roles/debian/tasks/sshd.yml
+++ b/roles/debian/tasks/sshd.yml
@@ -6,10 +6,10 @@
 owner: root
 group: ssh_keys
 mode: 0640
- with_dict: '{{ ssh_host_keys }}'
+ with_dict: '{{ ssh_host_keys[hostname] }}'
 loop_control:
 label: '/etc/ssh/{{ item.key }}'
- when: ssh_host_keys is defined
+ when: ssh_host_keys is defined and hostname in ssh_host_keys
 
 - name: Create public host keys
 copy:
@@ -18,10 +18,10 @@
 owner: root
 group: root
 mode: 0644
- with_dict: '{{ ssh_host_keys }}'
+ with_dict: '{{ ssh_host_keys[hostname] }}'
 loop_control:
 label: '/etc/ssh/{{ item.key }}.pub'
- when: ssh_host_keys is defined
+ when: ssh_host_keys is defined and hostname in ssh_host_keys
 
 - name: Configure SSH daemon
 lineinfile:
diff --git a/roles/fedora/tasks/main.yml b/roles/fedora/tasks/main.yml
index 4492df5..de4c160 100644
--- a/roles/fedora/tasks/main.yml
+++ b/roles/fedora/tasks/main.yml
@@ -20,5 +20,7 @@
 tags: networkd
 - import_tasks: timesyncd.yml
 tags: timesyncd
+- import_tasks: sshd.yml
+ tags: sshd
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/sshd.yml b/roles/fedora/tasks/sshd.yml
index 14597b4..603fbf9 100644
--- a/roles/space_server/tasks/sshd.yml
+++ b/roles/fedora/tasks/sshd.yml
@@ -6,10 +6,10 @@
 owner: root
 group: ssh_keys
 mode: 0640
- with_dict: '{{ ssh_host_keys }}'
+ with_dict: '{{ ssh_host_keys[hostname] }}'
 loop_control:
 label: '/etc/ssh/{{ item.key }}'
- when: ssh_host_keys is defined
+ when: ssh_host_keys is defined and hostname in ssh_host_keys
 
 - name: Create public host keys
 copy:
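Review bot: The private host key task that the first lines of this hunk belong to (the task itself starts above the hunk) now loops over `ssh_host_keys[hostname]`, whose values are presumably the private key text; `loop_control.label` only shortens the per-item output line, so a `-v` run or a failed item still prints the full `item` in the result. Adding `no_log: true` to that task would keep the key material out of logs and callback output. The new guard `hostname in ssh_host_keys` also assumes `hostname` is set for every host; where it comes from is not visible on this page, and if it is meant to be the inventory name, the built-in `inventory_hostname` avoids a separate variable. The same pattern appears in this file's second hunk (public keys, where `no_log` is not needed) and in both host-key hunks of roles/fedora/tasks/sshd.yml.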
@@ -18,12 +18,12 @@
 owner: root
 group: root
 mode: 0644
- with_dict: '{{ ssh_host_keys }}'
+ with_dict: '{{ ssh_host_keys[hostname] }}'
 loop_control:
 label: '/etc/ssh/{{ item.key }}.pub'
- when: ssh_host_keys is defined
+ when: ssh_host_keys is defined and hostname in ssh_host_keys
 
-- name: Configure sshd
+- name: Configure SSH daemon
 lineinfile:
 path: '/etc/ssh/sshd_config'
 regexp: '{{ item.regexp }}'
@@ -35,10 +35,9 @@
 line: 'PasswordAuthentication no'
 - regexp: '^[# ]*GSSAPIAuthentication'
 line: 'GSSAPIAuthentication no'
- notify:
- - restart sshd
+ notify: restart sshd
 
-- name: Enable sshd service
+- name: Enable SSH daemon
 systemd:
 name: sshd.service
 enabled: yes
@@ -47,8 +46,6 @@
 when: not chroot
 - name: '- when in chroot'
 command: systemctl enable sshd.service
- args:
- creates: '/etc/systemd/system/multi-user.target.wants/sshd.service'
 when: chroot|bool
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/bootstrap.sh b/roles/space_server/bootstrap.sh
index 6d09592..218815e 100755
--- a/roles/space_server/bootstrap.sh
+++ b/roles/space_server/bootstrap.sh
@@ -41,7 +41,6 @@
 set -e
 set -x
 release=29
-secrets='/etc/ansible/secrets.yml'
 dest="/mnt/fedora$release"
 if [[ -e "$dest" ]]; then
 echo "Destination '$dest' already exists. Aborting." >&2
@@ -61,10 +60,6 @@
 dnf \
 --enablerepo=updates \
 install glibc-langpack-en dnf git ansible python-unversioned-command
-if [[ -f "$secrets" ]]; then
- install -m660 "$secrets" "$dest$secrets"
-fi
-
 for i in /var/lib/machines /var/lib/portables; do
 if [[ -d "$dest$i" ]]; then
 btrfs subvolume delete "$dest$i"
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 374a8b6..1c5ae7c 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -19,8 +19,6 @@
 tags: networkd
 - import_tasks: nftables.yml
 tags: nftables
-- import_tasks: sshd.yml
- tags: sshd
 - import_tasks: bird.yml
 tags: bird
 - import_tasks: dhcpd.yml
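Review bot: In the last hunk of roles/fedora/tasks/sshd.yml the chroot branch's `command: systemctl enable sshd.service` loses its `args: creates:` guard, so the task has no idempotence check left and will report `changed` on every chroot run (the task list continues past the hunk). If the wants-link path was dropped because it is not reliable, `register: sshd_enable` together with `changed_when: "'Created symlink' in sshd_enable.stderr"` keeps change reporting honest, assuming the systemd in use prints that line on stderr; otherwise restoring `creates:` is the simpler fix. While the file is being moved, the context line `enabled: yes` in the systemd task is a YAML 1.1 truthy spelling that `true` would make unambiguous.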
@@ -6,10 +6,7 @@
 chroot: "{{ ansible_connection == 'chroot' or 'container' in ansible_env }}"
 tags: always
 - name: Load secrets
- include_vars: '{{ item }}'
- with_first_found:
- - /etc/ansible/secrets.yml
- - secrets.yml
+ include_vars: 'secrets.yml'
 ignore_errors: yes
 tags: always
 roles:
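Review bot: The file header for this hunk is not on the page; by the diffstat it is space.yml. With `include_vars: 'secrets.yml'` still under `ignore_errors: yes`, a missing file is tolerated, but so is a secrets file that fails to parse or decrypt, and either case prints a red failure while the rest of the play runs without the secrets. Guarding on the file's presence rather than on the error separates the two: `when: (playbook_dir ~ '/secrets.yml') is file` in place of `ignore_errors: yes`, assuming secrets.yml sits next to the playbook as the commit title says. Since the file now lives inside the repository checkout instead of /etc/ansible, it should be git-ignored or vault-encrypted; nothing on this page shows which. The task list this hunk edits starts above it.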