From d26fe55aa9de5f0eb51152c22d12ff28a9c488d4 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Thu, 27 Feb 2020 14:44:24 +0100
Subject: space_server: use common secrets.yml in ansible root

..and generalize and move sshd tasks to fedora role.
---
 roles/space_server/tasks/main.yml | 2 --
 roles/space_server/tasks/sshd.yml | 54 ---------------------------------------
 2 files changed, 56 deletions(-)
 delete mode 100644 roles/space_server/tasks/sshd.yml

(limited to 'roles/space_server/tasks')

diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 374a8b6..1c5ae7c 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -19,8 +19,6 @@
 tags: networkd
 - import_tasks: nftables.yml
 tags: nftables
-- import_tasks: sshd.yml
- tags: sshd
 - import_tasks: bird.yml
 tags: bird
 - import_tasks: dhcpd.yml
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
deleted file mode 100644
index 14597b4..0000000
--- a/roles/space_server/tasks/sshd.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-- name: Create private host keys
- copy:
- dest: '/etc/ssh/{{ item.key }}'
- content: '{{ item.value.private }}'
- owner: root
- group: ssh_keys
- mode: 0640
- with_dict: '{{ ssh_host_keys }}'
- loop_control:
- label: '/etc/ssh/{{ item.key }}'
- when: ssh_host_keys is defined
-
-- name: Create public host keys
- copy:
- dest: '/etc/ssh/{{ item.key }}.pub'
- content: '{{ item.value.public }}'
- owner: root
- group: root
- mode: 0644
- with_dict: '{{ ssh_host_keys }}'
- loop_control:
- label: '/etc/ssh/{{ item.key }}.pub'
- when: ssh_host_keys is defined
-
-- name: Configure sshd
- lineinfile:
- path: '/etc/ssh/sshd_config'
- regexp: '{{ item.regexp }}'
- line: '{{ item.line }}'
- with_items:
- - regexp: '^[# ]*PermitRootLogin'
- line: 'PermitRootLogin no'
- - regexp: '^PasswordAuthentication'
- line: 'PasswordAuthentication no'
- - regexp: '^[# ]*GSSAPIAuthentication'
- line: 'GSSAPIAuthentication no'
- notify:
- - restart sshd
-
-- name: Enable sshd service
- systemd:
- name: sshd.service
- enabled: yes
- masked: no
- state: started
- when: not chroot
-- name: '- when in chroot'
- command: systemctl enable sshd.service
- args:
- creates: '/etc/systemd/system/multi-user.target.wants/sshd.service'
- when: chroot|bool
-
-# vim: set ts=2 sw=2 et:
-- 
cgit v1.2.1