configure/atlas.yml

@@ -10,10 +10,6 @@
   - name: enable interfaces
     command:
       cmd: ifup -a
-  - name: restart sshd
-    systemd:
-      name: sshd
-      state: restarted
 
   tasks:
   - name: Update
@@ -92,25 +88,5 @@
       src: dmz.conf
       dest: /etc/network/interfaces.d/dmz.conf
     notify: enable interfaces
-  - name: Add backup user
-    user:
-      name: lewis
-      create_home: false
-      password: '!'
-      shell: /sbin/nologin
-      system: true
-  - name: Add backup user principals file
-    copy:
-      dest: "/etc/ssh/lewis_principals"
-      content: "backup"
-  - name: Install user CA
-    copy:
-      dest: "/etc/ssh/user_ca_key.pub"
-      content: "{{ user_ca }}"
-  - name: Copy ssh config for backup user
-    copy:
-      src: "sshd.conf"
-      dest: "/etc/ssh/sshd_config.d/custom.conf"
-    notify: restart sshd
   roles:
     - githubixx.ansible_role_wireguard

configure/inventory/host_vars/atlas.yml

@@ -1,4 +1,3 @@
-user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
 storage_pools: [iso, disk, init]
 wireguard_addresses:
   - "10.42.0.1/32"

configure/sshd.conf

@@ -1,6 +0,0 @@
-TrustedUserCAKeys /etc/ssh/user_ca_key.pub
-
-Match User lewis
-	AuthorizedPrincipalsFile /etc/ssh/lewis_principals
-	ChrootDirectory /kvm/data
-	ForceCommand internal-sftp