Compare commits
No commits in common. "d706a807210c5232fcaf739a6ab287592a797e72" and "2ab2be3d5043cebe1cf2933eaf1181c63cb504d0" have entirely different histories.
d706a80721
...
2ab2be3d50
3 changed files with 0 additions and 31 deletions
|
@ -10,10 +10,6 @@
|
||||||
- name: enable interfaces
|
- name: enable interfaces
|
||||||
command:
|
command:
|
||||||
cmd: ifup -a
|
cmd: ifup -a
|
||||||
- name: restart sshd
|
|
||||||
systemd:
|
|
||||||
name: sshd
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Update
|
- name: Update
|
||||||
|
@ -92,25 +88,5 @@
|
||||||
src: dmz.conf
|
src: dmz.conf
|
||||||
dest: /etc/network/interfaces.d/dmz.conf
|
dest: /etc/network/interfaces.d/dmz.conf
|
||||||
notify: enable interfaces
|
notify: enable interfaces
|
||||||
- name: Add backup user
|
|
||||||
user:
|
|
||||||
name: lewis
|
|
||||||
create_home: false
|
|
||||||
password: '!'
|
|
||||||
shell: /sbin/nologin
|
|
||||||
system: true
|
|
||||||
- name: Add backup user principals file
|
|
||||||
copy:
|
|
||||||
dest: "/etc/ssh/lewis_principals"
|
|
||||||
content: "backup"
|
|
||||||
- name: Install user CA
|
|
||||||
copy:
|
|
||||||
dest: "/etc/ssh/user_ca_key.pub"
|
|
||||||
content: "{{ user_ca }}"
|
|
||||||
- name: Copy ssh config for backup user
|
|
||||||
copy:
|
|
||||||
src: "sshd.conf"
|
|
||||||
dest: "/etc/ssh/sshd_config.d/custom.conf"
|
|
||||||
notify: restart sshd
|
|
||||||
roles:
|
roles:
|
||||||
- githubixx.ansible_role_wireguard
|
- githubixx.ansible_role_wireguard
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
|
|
||||||
storage_pools: [iso, disk, init]
|
storage_pools: [iso, disk, init]
|
||||||
wireguard_addresses:
|
wireguard_addresses:
|
||||||
- "10.42.0.1/32"
|
- "10.42.0.1/32"
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
TrustedUserCAKeys /etc/ssh/user_ca_key.pub
|
|
||||||
|
|
||||||
Match User lewis
|
|
||||||
AuthorizedPrincipalsFile /etc/ssh/lewis_principals
|
|
||||||
ChrootDirectory /kvm/data
|
|
||||||
ForceCommand internal-sftp
|
|