From d26fe55aa9de5f0eb51152c22d12ff28a9c488d4 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Thu, 27 Feb 2020 14:44:24 +0100
Subject: space_server: use common secrets.yml in ansible root

..and generalize and move sshd tasks to fedora role.
---
 roles/space_server/tasks/main.yml |  2 --
 roles/space_server/tasks/sshd.yml | 54 ---------------------------------------
 2 files changed, 56 deletions(-)
 delete mode 100644 roles/space_server/tasks/sshd.yml

(limited to 'roles/space_server/tasks')

diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 374a8b6..1c5ae7c 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -19,8 +19,6 @@
   tags: networkd
 - import_tasks: nftables.yml
   tags: nftables
-- import_tasks: sshd.yml
-  tags: sshd
 - import_tasks: bird.yml
   tags: bird
 - import_tasks: dhcpd.yml
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
deleted file mode 100644
index 14597b4..0000000
--- a/roles/space_server/tasks/sshd.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-- name: Create private host keys
-  copy:
-    dest: '/etc/ssh/{{ item.key }}'
-    content: '{{ item.value.private }}'
-    owner: root
-    group: ssh_keys
-    mode: 0640
-  with_dict: '{{ ssh_host_keys }}'
-  loop_control:
-    label: '/etc/ssh/{{ item.key }}'
-  when: ssh_host_keys is defined
-
-- name: Create public host keys
-  copy:
-    dest: '/etc/ssh/{{ item.key }}.pub'
-    content: '{{ item.value.public }}'
-    owner: root
-    group: root
-    mode: 0644
-  with_dict: '{{ ssh_host_keys }}'
-  loop_control:
-    label: '/etc/ssh/{{ item.key }}.pub'
-  when: ssh_host_keys is defined
-
-- name: Configure sshd
-  lineinfile:
-    path: '/etc/ssh/sshd_config'
-    regexp: '{{ item.regexp }}'
-    line: '{{ item.line }}'
-  with_items:
-  - regexp: '^[# ]*PermitRootLogin'
-    line: 'PermitRootLogin no'
-  - regexp: '^PasswordAuthentication'
-    line: 'PasswordAuthentication no'
-  - regexp: '^[# ]*GSSAPIAuthentication'
-    line: 'GSSAPIAuthentication no'
-  notify:
-  - restart sshd
-
-- name: Enable sshd service
-  systemd:
-    name: sshd.service
-    enabled: yes
-    masked: no
-    state: started
-  when: not chroot
-- name: '- when in chroot'
-  command: systemctl enable sshd.service
-  args:
-    creates: '/etc/systemd/system/multi-user.target.wants/sshd.service'
-  when: chroot|bool
-
-# vim: set ts=2 sw=2 et:
-- 
cgit v1.2.1