kodi media services basic setup
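--- a/ansible/roles/sshd/tasks/main.yaml
+++ b/ansible/roles/sshd/tasks/main.yaml
@@ -0,0 +1,14 @@
+---
+
+- name: Template out sshd_config
+ansible.builtin.template:
+src: sshd_config.j2
+dest: /etc/ssh/sshd_config
+owner: root
+group: root
+mode: '0644'
+notify:
+- Restart sshd
+
+- name: Flush handlers for immediate shhd restart
+ansible.builtin.meta: flush_handlers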
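Review bot: `Template out sshd_config` writes the live `/etc/ssh/sshd_config` with no `validate:` step, and the `flush_handlers` task that follows restarts sshd straight away, so a template that renders an invalid configuration can cut off the only remote access path to the host. Adding `validate: /usr/sbin/sshd -t -f %s` (binary path may differ per distribution) to the template task makes Ansible reject a broken render before it replaces the file, and `backup: true` would leave a copy to roll back to. The second task's name reads `shhd` where `sshd` is meant.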
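--- a/ansible/roles/sshd/tasks/setup_key.yaml
+++ b/ansible/roles/sshd/tasks/setup_key.yaml
@@ -0,0 +1,55 @@
+---
+
+- name: Ensure ssh config dir exists
+delegate_to: localhost
+become: false
+ansible.builtin.file:
+path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}"
+state: directory
+owner: "{{ lookup('env', 'USER') }}"
+group: "{{ lookup('env', 'USER') }}"
+mode: '0700'
+
+- name: Generate local SSH key pair
+delegate_to: localhost
+become: false
+community.crypto.openssh_keypair:
+backend: opensshbin
+comment: "{{ ansible_user }}@{{ static_fqdn }}"
+mode: '0600'
+passphrase: "{{ ssh_keygen_passphrase }}"
+path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}"
+regenerate: full_idempotence
+size: 521
+state: present
+type: ecdsa
+register: ssh_keygen
+
+- name: Copy SSH pubkey to target
+ansible.posix.authorized_key:
+key: "{{ ssh_keygen.public_key }}"
+user: "{{ ansible_user }}"
+state: present
+
+- name: Add local ssh client config
+delegate_to: localhost
+become: false
+community.general.ssh_config:
+host: "{{ sshd.nickname | default(omit) }} {{ static_fqdn }}"
+hostname: "{{ static_fqdn }}"
+identity_file: "{{ ssh_keygen.filename }}"
+port: "{{ sshd.listen.port | default('22') }}"
+remote_user: "{{ ansible_user }}"
+ssh_config_file: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
+state: present
+
+- name: Include generated ssh config in default config file
+delegate_to: localhost
+become: false
+ansible.builtin.lineinfile:
+path: "{{ lookup('env', 'HOME') }}/.ssh/config"
+line: "Include {{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
+mode: '0600'
+state: present
+create: true
+insertafter: ^Include\s.*$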
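Review bot: In `Add local ssh client config`, `host: "{{ sshd.nickname | default(omit) }} {{ static_fqdn }}"` uses `omit` inside a larger string, where it renders as Ansible's placeholder token rather than dropping anything, so an unset nickname puts a junk alias on the Host line; `host: "{{ (sshd.nickname | default('') ~ ' ' ~ static_fqdn) | trim }}"` avoids that. In `Generate local SSH key pair`, `passphrase` is set together with `backend: opensshbin`, while the community.crypto documentation describes passphrases as usable only with the cryptography backend (or `auto`), so this should be checked against the installed collection; `ssh_keygen_passphrase` is also best sourced from a vault rather than plain inventory. In the last task, when `~/.ssh/config` has no existing `Include` line the new one is appended at end of file, where ssh scopes it to the preceding `Host`/`Match` block; `insertbefore: BOF` in place of the `insertafter` regex keeps the include global.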