michael/IaC
1
0
Fork 0
Code Packages

Compare commits

base: michael:424fe250d80aa66e5ff6cb46ff1125c07a0f5dba
Branches Tags
michael:main
...
compare: michael:6c88c4af86d234c099ca9242c8da248b7b15c395
Branches Tags
michael:main

2 Commits
424fe250d8 ... 6c88c4af86

Author SHA1 Message Date
michael
6c88c4af86 sshd 2022-09-03 00:35:42 +12:00
michael
2c24ade913 sshd 2022-09-03 00:35:35 +12:00
7 changed files with 60 additions and 3 deletions
Show Stats Expand all files Collapse all files

1
ansible/group_vars/all.yaml Normal file
View File

@ -0,0 +1 @@
---

6
ansible/host_vars/lab.yaml Normal file
View File

@ -0,0 +1,6 @@
---
# sshd
authorized_keys_file: lab_authorized_keys
openssh_configuration_src: sshd_config_arch

2
ansible/inventory/hosts.yaml
View File

@ -7,6 +7,8 @@ all:
lab: lab:
ansible_host: lab.balsillie.net ansible_host: lab.balsillie.net
ansible_os_family: Arch ansible_os_family: Arch
ansible_user: ladmin
ansible_connection: ssh
nodes: nodes:
node1: node1:
ansible_host: node1.balsillie.net ansible_host: node1.balsillie.net

9
ansible/playbooks/lab.yaml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Configure lab host
gather_facts: true
hosts: lab
become: true
roles:
- sshd
- firewall

3
ansible/roles/sshd/defaults/main.yml
View File

@ -3,5 +3,4 @@ openssh_packages:
- openssh - openssh
openssh_service: sshd.service openssh_service: sshd.service
openssh_configuration_file: /etc/ssh/sshd_config openssh_configuration_file: /etc/ssh/sshd_config
openssh_template_src: sshd_config_arch openssh_configuration_mode: 0644
openssh_template_mode: "644"

9
ansible/roles/sshd/handlers/main.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: restart openssh
ansible.builtin.service:
name: "{{ openssh_service }}"
state: restarted
when:
- not ansible_check_mode
- not openssh_restart_immediately

33
ansible/roles/sshd/tasks/main.yml
View File

@ -4,4 +4,35 @@
name: "{{ openssh_packages }}" name: "{{ openssh_packages }}"
state: latest state: latest
update_cache: true update_cache: true
reason: explicit reason: explicit
when:
- ansible_os_family == 'Arch'
- name: add authorized keys
ansible.builtin.copy:
dest: "/home/{{ ansible_user }}/.ssh/authorized_keys"
src: "{{ authorized_keys_file }}"
mode: 0600
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- name: configure openssh
ansible.builtin.copy:
dest: "{{ openssh_configuration_file }}"
src: "{{ openssh_configuration_src }}"
mode: "{{ openssh_configuration_mode }}"
owner: root
group: root
notify:
- restart openssh
- name: start and enable openssh
ansible.builtin.service:
name: "{{ openssh_service }}"
state: started
enabled: yes
- name: flush handlers
ansible.builtin.meta: flush_handlers
when:
- openssh_restart_immediately