From 08e92ca3b8ee6c38c3e19126378e51b46cf63b16 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Mon, 11 Aug 2025 18:39:55 -0700
Subject: Oauth proxy and monitoring init
---
playbooks/roles/common/files/authorized_keys | 3 ---
playbooks/roles/common/files/sshd_config | 21 ---------------------
playbooks/roles/common/tasks/main.yml | 8 ++++----
playbooks/roles/common/templates/authorized_keys | 3 +++
playbooks/roles/common/templates/sshd_config | 21 +++++++++++++++++++++
5 files changed, 28 insertions(+), 28 deletions(-)
delete mode 100644 playbooks/roles/common/files/authorized_keys
delete mode 100644 playbooks/roles/common/files/sshd_config
create mode 100644 playbooks/roles/common/templates/authorized_keys
create mode 100644 playbooks/roles/common/templates/sshd_config
(limited to 'playbooks/roles/common')
diff --git a/playbooks/roles/common/files/authorized_keys b/playbooks/roles/common/files/authorized_keys
deleted file mode 100644
index 82f2cbb..0000000
--- a/playbooks/roles/common/files/authorized_keys
+++ /dev/null
@@ -1,3 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnLAE5TrdYF8QWCSkvgUp15XKcwQJ9393a/CghSo8dG serve@ansible
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkjxFI9i17i1MQXZUBl99OP7nRURHGFItPaCqkUUQJw serve@ci
-{{ me_lizcoffee_key }}
diff --git a/playbooks/roles/common/files/sshd_config b/playbooks/roles/common/files/sshd_config
deleted file mode 100644
index 239a0c0..0000000
--- a/playbooks/roles/common/files/sshd_config
+++ /dev/null
@@ -1,21 +0,0 @@
-Include /etc/ssh/sshd_config.d/*.conf
-
-Port 22
-PermitRootLogin no
-PubkeyAuthentication yes
-PasswordAuthentication no
-
-KbdInteractiveAuthentication no
-
-UsePAM yes
-
-AllowAgentForwarding yes
-X11Forwarding no
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-ClientAliveInterval 300
-ClientAliveCountMax 1
-
-AcceptEnv LANG LC_*
-Subsystem sftp /usr/lib/openssh/sftp-server
diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml
index 446db35..63eb60a 100644
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
@@ -33,8 +33,8 @@ ### SSH - name: Copy sshd_config - ansible.builtin.copy: - src: files/sshd_config + ansible.builtin.template: + src: templates/sshd_config dest: /etc/ssh/sshd_config owner: root group: root
@@ -43,8 +43,8 @@ - Restart sshd - name: Copy authorized_keys - ansible.builtin.copy: - src: files/authorized_keys + ansible.builtin.template: + src: templates/authorized_keys dest: /home/{{ ansible_user }}/.ssh/authorized_keys ### UFW
diff --git a/playbooks/roles/common/templates/authorized_keys b/playbooks/roles/common/templates/authorized_keys
new file mode 100644
index 0000000..82f2cbb
--- /dev/null
+++ b/playbooks/roles/common/templates/authorized_keys
@@ -0,0 +1,3 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnLAE5TrdYF8QWCSkvgUp15XKcwQJ9393a/CghSo8dG serve@ansible
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkjxFI9i17i1MQXZUBl99OP7nRURHGFItPaCqkUUQJw serve@ci
+{{ me_lizcoffee_key }}
diff --git a/playbooks/roles/common/templates/sshd_config b/playbooks/roles/common/templates/sshd_config
new file mode 100644
index 0000000..239a0c0
--- /dev/null
+++ b/playbooks/roles/common/templates/sshd_config
@@ -0,0 +1,21 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 22
+PermitRootLogin no
+PubkeyAuthentication yes
+PasswordAuthentication no
+
+KbdInteractiveAuthentication no
+
+UsePAM yes
+
+AllowAgentForwarding yes
+X11Forwarding no
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+ClientAliveInterval 300
+ClientAliveCountMax 1
+
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
--
cgit v1.2.3-70-g09d2
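Review bot: The `Copy sshd_config` task in the first main.yml hunk now renders the file through Jinja, but nothing visible checks the rendered result before it replaces /etc/ssh/sshd_config and the `Restart sshd` handler runs. A template that renders to an invalid config would leave sshd unable to restart and cut off the access path the play itself depends on. Adding `validate: /usr/sbin/sshd -t -f %s` to the task makes Ansible reject a bad file before it is installed. The task continues past the hunk (the lines between `group: root` and the handler list are not shown), so confirm a validate step is not already there.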
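Review bot: The `Copy authorized_keys` task in the second main.yml hunk ends at `dest:` with no `owner` or `mode`, so ownership and permissions of the host's trust list depend on the become user and umask of the run. With the default `StrictModes yes`, sshd ignores an authorized_keys file whose ownership or permissions are too loose, and a file writable by anyone other than the login user should not decide who may log in. I would pin them on the task with `owner: "{{ ansible_user }}"` and `mode: "0600"`. Since the file is now rendered, an empty `me_lizcoffee_key` would produce a blank third line without any error; an `ansible.builtin.assert` on that variable before this task would catch it.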
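Review bot: `Include /etc/ssh/sshd_config.d/*.conf` is the first line of templates/sshd_config, and sshd keeps the first value it obtains for each keyword, so any drop-in in that directory overrides the `PasswordAuthentication no`, `PermitRootLogin no` and `KbdInteractiveAuthentication no` lines below it. Distribution images and cloud-init often ship a drop-in that sets `PasswordAuthentication`, so either manage that directory from this role or confirm the effective values with `sshd -T` after the play. Separately, `AllowAgentForwarding yes` lets anyone with root on the host use a connected user's forwarded agent; I would set it to `no` unless a workflow depends on it. The content is unchanged from the deleted files/sshd_config, so both points predate this commit.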