kodi media services basic setup

2024-04-21 01:04:17 +12:00
parent cb4abe5722
commit 3d9241b475
14 changed files with 155 additions and 24 deletions


@ -0,0 +1,14 @@
---
- name: Template out sshd_config
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: '0644'
notify:
- Restart sshd
- name: Flush handlers for immediate shhd restart
ansible.builtin.meta: flush_handlers
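Review bot: The template task writes /etc/ssh/sshd_config with no `validate`, and the following `flush_handlers` task restarts sshd straight away, so a rendering mistake in sshd_config.j2 would stop the daemon the play itself connects through. Adding `validate: /usr/sbin/sshd -t -f %s` to the template arguments (adjust the binary path for the target distribution) makes Ansible refuse to install a file that sshd cannot parse. `backup: true` would also leave a copy to roll back to. The second task name has a typo, `shhd` for `sshd`.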


@ -0,0 +1,55 @@
---
- name: Ensure ssh config dir exists
delegate_to: localhost
become: false
ansible.builtin.file:
path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}"
state: directory
owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}"
mode: '0700'
- name: Generate local SSH key pair
delegate_to: localhost
become: false
community.crypto.openssh_keypair:
backend: opensshbin
comment: "{{ ansible_user }}@{{ static_fqdn }}"
mode: '0600'
passphrase: "{{ ssh_keygen_passphrase }}"
path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}"
regenerate: full_idempotence
size: 521
state: present
type: ecdsa
register: ssh_keygen
- name: Copy SSH pubkey to target
ansible.posix.authorized_key:
key: "{{ ssh_keygen.public_key }}"
user: "{{ ansible_user }}"
state: present
- name: Add local ssh client config
delegate_to: localhost
become: false
community.general.ssh_config:
host: "{{ sshd.nickname | default(omit) }} {{ static_fqdn }}"
hostname: "{{ static_fqdn }}"
identity_file: "{{ ssh_keygen.filename }}"
port: "{{ sshd.listen.port | default('22') }}"
remote_user: "{{ ansible_user }}"
ssh_config_file: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
state: present
- name: Include generated ssh config in default config file
delegate_to: localhost
become: false
ansible.builtin.lineinfile:
path: "{{ lookup('env', 'HOME') }}/.ssh/config"
line: "Include {{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
mode: '0600'
state: present
create: true
insertafter: ^Include\s.*$
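Review bot: In the `community.general.ssh_config` task, `default(omit)` sits inside a larger string, where it omits nothing: when `sshd.nickname` is undefined, the omit placeholder text is rendered into the `Host` pattern. Something like `host: "{{ (sshd.nickname | default('') ~ ' ' ~ static_fqdn) | trim }}"` keeps the nickname optional. Separately, `regenerate: full_idempotence` can replace the key pair while the `authorized_key` task only adds entries, so an earlier public key would presumably stay authorised on the target; remove the old key explicitly, or use `exclusive: true` if this play owns every key for that account. The `lineinfile` task falls back to end of file when `~/.ssh/config` has no `Include` line yet, which can put the Include inside a trailing `Host` block where it applies only conditionally; `insertbefore: BOF` avoids that.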