From c9baaa22051298ad6fa13fc5343d8aa6a29a301b Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 11 Apr 2023 17:41:11 +0200
Subject: [PATCH] change backup user name

---
 configure/atlas.yml | 8 ++++----
 configure/inventory/host_vars/atlas.yml | 2 ++
 configure/{sshd.conf => sshd.conf.j2} | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)
 rename configure/{sshd.conf => sshd.conf.j2} (61%)

diff --git a/configure/atlas.yml b/configure/atlas.yml
index 092ac54..1e00624 100644
--- a/configure/atlas.yml
+++ b/configure/atlas.yml
@@ -94,22 +94,22 @@
 notify: enable interfaces
 - name: Add backup user
 user:
- name: lewis
+ name: "{{ backup_share_user }}"
 create_home: false
 password: '!'
 shell: /sbin/nologin
 system: true
 - name: Add backup user principals file
 copy:
- dest: "/etc/ssh/lewis_principals"
+ dest: "/etc/ssh/backup_principals"
 content: "backup"
 - name: Install user CA
 copy:
 dest: "/etc/ssh/user_ca_key.pub"
 content: "{{ user_ca }}"
 - name: Copy ssh config for backup user
- copy:
- src: "sshd.conf"
+ template:
+ src: "sshd.conf.j2"
 dest: "/etc/ssh/sshd_config.d/custom.conf"
 notify: restart sshd
 roles:
diff --git a/configure/inventory/host_vars/atlas.yml b/configure/inventory/host_vars/atlas.yml
index 9cf745f..d7fd4c5 100644
--- a/configure/inventory/host_vars/atlas.yml
+++ b/configure/inventory/host_vars/atlas.yml
@@ -1,3 +1,5 @@
+backup_share_user: "backup-share"
+backup_control_user: "backup-control"
 user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
 storage_pools: [iso, disk, init]
 wireguard_addresses:
diff --git a/configure/sshd.conf b/configure/sshd.conf.j2
similarity index 61%
rename from configure/sshd.conf
rename to configure/sshd.conf.j2
index 08f27e3..bc8b28b 100644
--- a/configure/sshd.conf
+++ b/configure/sshd.conf.j2
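Review bot: Renaming the account leaves the old `lewis` user and `/etc/ssh/lewis_principals` behind on hosts that were already provisioned, because the `user` task only ensures the new name exists and nothing in the play removes the old one; if `lewis` was purely the backup service account, an explicit removal pair keeps a stale SSH-reachable account from lingering. The principals `copy` and the new `template` task for `/etc/ssh/sshd_config.d/custom.conf` also set no `owner`/`group`/`mode`, so the resulting permissions depend on the remote umask; sshd with StrictModes refuses a group- or world-writable AuthorizedPrincipalsFile, so pinning `owner: root`, `group: root`, `mode: "0644"` is cheap insurance. `/etc/ssh/backup_principals` is now written literally here and again in `sshd.conf.j2`; sourcing both from one variable (e.g. `backup_principals_file`) would stop them drifting apart the way the username just did. The task list continues outside the hunk on both sides.
```yaml
    # … unchanged: Add backup user …
    - name: Remove previous backup user
      user:
        name: lewis
        state: absent
    - name: Remove previous backup user principals file
      file:
        path: /etc/ssh/lewis_principals
        state: absent
    - name: Add backup user principals file
      copy:
        dest: "/etc/ssh/backup_principals"
        content: "backup"
        owner: root
        group: root
        mode: "0644"
    # … unchanged: Install user CA …
    - name: Copy ssh config for backup user
      template:
        src: "sshd.conf.j2"
        dest: "/etc/ssh/sshd_config.d/custom.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart sshd
```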
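Review bot: `backup_control_user` is introduced here but nothing in this patch reads it, so its consumer is presumably in another play or template — confirm one exists, otherwise the variable is dead. A short comment above the two names would tie them to the place that depends on them, e.g. `# SSH service accounts; sshd.conf.j2 keys its Match block on backup_share_user`. The template interpolates `backup_share_user` directly into an sshd `Match User` line, so keep these values plain hyphenated identifiers as they are now.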
@@ -1,7 +1,7 @@
 TrustedUserCAKeys /etc/ssh/user_ca_key.pub
-Match User lewis
- AuthorizedPrincipalsFile /etc/ssh/lewis_principals
+Match User {{ backup_share_user }}
+ AuthorizedPrincipalsFile /etc/ssh/backup_principals
 ChrootDirectory /kvm/data
 ForceCommand internal-sftp
 AllowTcpForwarding no