From d26fe55aa9de5f0eb51152c22d12ff28a9c488d4 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Thu, 27 Feb 2020 14:44:24 +0100
Subject: space_server: use common secrets.yml in ansible root

..and generalize and move sshd tasks to fedora role.
---
 roles/space_server/bootstrap.sh | 5 ----
 roles/space_server/tasks/main.yml | 2 --
 roles/space_server/tasks/sshd.yml | 54 ---------------------------------------
 3 files changed, 61 deletions(-)
 delete mode 100644 roles/space_server/tasks/sshd.yml
(limited to 'roles/space_server')
diff --git a/roles/space_server/bootstrap.sh b/roles/space_server/bootstrap.sh
index 6d09592..218815e 100755
--- a/roles/space_server/bootstrap.sh
+++ b/roles/space_server/bootstrap.sh
@@ -41,7 +41,6 @@ set -e
 set -x
 release=29
-secrets='/etc/ansible/secrets.yml'
 dest="/mnt/fedora$release"
 if [[ -e "$dest" ]]; then
 echo "Destination '$dest' already exists. Aborting." >&2
@@ -61,10 +60,6 @@ dnf \
 --enablerepo=updates \
 install glibc-langpack-en dnf git ansible python-unversioned-command
-if [[ -f "$secrets" ]]; then
- install -m660 "$secrets" "$dest$secrets"
-fi
-
 for i in /var/lib/machines /var/lib/portables; do
 if [[ -d "$dest$i" ]]; then
 btrfs subvolume delete "$dest$i"
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 374a8b6..1c5ae7c 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -19,8 +19,6 @@
 tags: networkd
 - import_tasks: nftables.yml
 tags: nftables
-- import_tasks: sshd.yml
- tags: sshd
 - import_tasks: bird.yml
 tags: bird
 - import_tasks: dhcpd.yml
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
deleted file mode 100644
index 14597b4..0000000
--- a/roles/space_server/tasks/sshd.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-- name: Create private host keys
- copy:
- dest: '/etc/ssh/{{ item.key }}'
- content: '{{ item.value.private }}'
- owner: root
- group: ssh_keys
- mode: 0640
- with_dict: '{{ ssh_host_keys }}'
- loop_control:
- label: '/etc/ssh/{{ item.key }}'
- when: ssh_host_keys is defined
-
-- name: Create public host keys
- copy:
- dest: '/etc/ssh/{{ item.key }}.pub'
- content: '{{ item.value.public }}'
- owner: root
- group: root
- mode: 0644
- with_dict: '{{ ssh_host_keys }}'
- loop_control:
- label: '/etc/ssh/{{ item.key }}.pub'
- when: ssh_host_keys is defined
-
-- name: Configure sshd
- lineinfile:
- path: '/etc/ssh/sshd_config'
- regexp: '{{ item.regexp }}'
- line: '{{ item.line }}'
- with_items:
- - regexp: '^[# ]*PermitRootLogin'
- line: 'PermitRootLogin no'
- - regexp: '^PasswordAuthentication'
- line: 'PasswordAuthentication no'
- - regexp: '^[# ]*GSSAPIAuthentication'
- line: 'GSSAPIAuthentication no'
- notify:
- - restart sshd
-
-- name: Enable sshd service
- systemd:
- name: sshd.service
- enabled: yes
- masked: no
- state: started
- when: not chroot
-- name: '- when in chroot'
- command: systemctl enable sshd.service
- args:
- creates: '/etc/systemd/system/multi-user.target.wants/sshd.service'
- when: chroot|bool
-
-# vim: set ts=2 sw=2 et:
-- 
cgit v1.2.1