author | Emil Renner Berthing <esmil@labitat.dk> | 2020-02-27 14:44:24 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2020-02-27 17:45:04 +0100 |
commit | d26fe55aa9de5f0eb51152c22d12ff28a9c488d4 (patch) | |
tree | 04501e2a33ec62cd07e4e55efd1a4ab411abc578 /roles/space_server | |
parent | 4115d711842ea235966868a325f5d42ee428db14 (diff) | |
space_server: use common secrets.yml in ansible root
..and generalize and move sshd tasks to fedora role.
Diffstat (limited to 'roles/space_server')
-rwxr-xr-x | roles/space_server/bootstrap.sh | 5 | ||||
-rw-r--r-- | roles/space_server/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/space_server/tasks/sshd.yml | 54 |
3 files changed, 0 insertions, 61 deletions
diff --git a/roles/space_server/bootstrap.sh b/roles/space_server/bootstrap.sh index 6d09592..218815e 100755 --- a/roles/space_server/bootstrap.sh +++ b/roles/space_server/bootstrap.sh @@ -41,7 +41,6 @@ set -e set -x release=29 -secrets='/etc/ansible/secrets.yml' dest="/mnt/fedora$release" if [[ -e "$dest" ]]; then echo "Destination '$dest' already exists. Aborting." >&2 @@ -61,10 +60,6 @@ dnf \ --enablerepo=updates \ install glibc-langpack-en dnf git ansible python-unversioned-command -if [[ -f "$secrets" ]]; then - install -m660 "$secrets" "$dest$secrets" -fi - for i in /var/lib/machines /var/lib/portables; do if [[ -d "$dest$i" ]]; then btrfs subvolume delete "$dest$i" diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml index 374a8b6..1c5ae7c 100644 --- a/roles/space_server/tasks/main.yml +++ b/roles/space_server/tasks/main.yml @@ -19,8 +19,6 @@ tags: networkd - import_tasks: nftables.yml tags: nftables -- import_tasks: sshd.yml - tags: sshd - import_tasks: bird.yml tags: bird - import_tasks: dhcpd.yml diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml deleted file mode 100644 index 14597b4..0000000 --- a/roles/space_server/tasks/sshd.yml +++ /dev/null 
@@ -1,54 +0,0 @@
----
-- name: Create private host keys
- copy:
- dest: '/etc/ssh/{{ item.key }}'
- content: '{{ item.value.private }}'
- owner: root
- group: ssh_keys
- mode: 0640
- with_dict: '{{ ssh_host_keys }}'
- loop_control:
- label: '/etc/ssh/{{ item.key }}'
- when: ssh_host_keys is defined
-
-- name: Create public host keys
- copy:
- dest: '/etc/ssh/{{ item.key }}.pub'
- content: '{{ item.value.public }}'
- owner: root
- group: root
- mode: 0644
- with_dict: '{{ ssh_host_keys }}'
- loop_control:
- label: '/etc/ssh/{{ item.key }}.pub'
- when: ssh_host_keys is defined
-
-- name: Configure sshd
- lineinfile:
- path: '/etc/ssh/sshd_config'
- regexp: '{{ item.regexp }}'
- line: '{{ item.line }}'
- with_items:
- - regexp: '^[# ]*PermitRootLogin'
- line: 'PermitRootLogin no'
- - regexp: '^PasswordAuthentication'
- line: 'PasswordAuthentication no'
- - regexp: '^[# ]*GSSAPIAuthentication'
- line: 'GSSAPIAuthentication no'
- notify:
- - restart sshd
-
-- name: Enable sshd service
- systemd:
- name: sshd.service
- enabled: yes
- masked: no
- state: started
- when: not chroot
-- name: '- when in chroot'
- command: systemctl enable sshd.service
- args:
- creates: '/etc/systemd/system/multi-user.target.wants/sshd.service'
- when: chroot|bool
-
-# vim: set ts=2 sw=2 et: |