change backup user name

configure/atlas.yml

@@ -94,22 +94,22 @@
     notify: enable interfaces
   - name: Add backup user
     user:
-      name: lewis
+      name: "{{ backup_share_user }}"
       create_home: false
       password: '!'
       shell: /sbin/nologin
       system: true
   - name: Add backup user principals file
     copy:
-      dest: "/etc/ssh/lewis_principals"
+      dest: "/etc/ssh/backup_principals"
       content: "backup"
   - name: Install user CA
     copy:
       dest: "/etc/ssh/user_ca_key.pub"
       content: "{{ user_ca }}"
   - name: Copy ssh config for backup user
-    copy:
+    template:
-      src: "sshd.conf"
+      src: "sshd.conf.j2"
       dest: "/etc/ssh/sshd_config.d/custom.conf"
     notify: restart sshd
   roles:

configure/inventory/host_vars/atlas.yml

@@ -1,3 +1,5 @@
+backup_share_user: "backup-share"
+backup_control_user: "backup-control"
 user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
 storage_pools: [iso, disk, init]
 wireguard_addresses:

configure/sshd.conf.j2

@@ -1,7 +1,7 @@
 TrustedUserCAKeys /etc/ssh/user_ca_key.pub
 
-Match User lewis
+Match User {{ backup_share_user }}
-	AuthorizedPrincipalsFile /etc/ssh/lewis_principals
+	AuthorizedPrincipalsFile /etc/ssh/backup_principals
 	ChrootDirectory /kvm/data
 	ForceCommand internal-sftp
 	AllowTcpForwarding no