authorDmitry Ilvokhin <d@ilvokhin.com>2024-03-08 21:26:47 +0000
committerDmitry Ilvokhin <d@ilvokhin.com>2024-03-08 21:26:47 +0000
commitb8d90587492becebbc8828a79deee1edb0792083 (patch)
tree1c5e9d5c5342de586cdded523c4855726b15ccaf
parent55fe803f1795061d1397c76a793cc2f1986b4774 (diff)
downloadinfra-b8d90587492becebbc8828a79deee1edb0792083.tar.gz
infra-b8d90587492becebbc8828a79deee1edb0792083.tar.bz2
infra-b8d90587492becebbc8828a79deee1edb0792083.zip
Add ssh role
-rw-r--r--essential.yml1
-rw-r--r--roles/ssh/defaults/main.yml1
-rw-r--r--roles/ssh/meta/main.yml2
-rw-r--r--roles/ssh/tasks/main.yml33
-rw-r--r--roles/users/tasks/main.yml16
5 files changed, 37 insertions, 16 deletions
diff --git a/essential.yml b/essential.yml
index 9792ff8..0bb9211 100644
--- a/essential.yml
+++ b/essential.yml
@@ -6,6 +6,7 @@
- { role: sshd }
- { role: sudo }
- { role: atop }
+ - { role: ssh }
- { role: bash }
- { role: vim }
- { role: screen }
diff --git a/roles/ssh/defaults/main.yml b/roles/ssh/defaults/main.yml
new file mode 100644
index 0000000..7ea2a66
--- /dev/null
+++ b/roles/ssh/defaults/main.yml
@@ -0,0 +1 @@
+jumphost: false
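Review bot: The role's defaults declare only `jumphost`, but the jumphost tasks in roles/ssh/tasks/main.yml template `{{ user }}` into `dest` and `owner`, so with `jumphost: true` they depend on a variable this role does not define. If `user` is not supplied by the `users` dependency or the inventory (neither is visible in this diff), the run fails on an undefined variable; a default here such as `user: d` would make the role self-contained. A role-prefixed name like `ssh_jumphost: false` would also avoid collisions with variables from other roles.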
diff --git a/roles/ssh/meta/main.yml b/roles/ssh/meta/main.yml
new file mode 100644
index 0000000..4aa0127
--- /dev/null
+++ b/roles/ssh/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: users
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
new file mode 100644
index 0000000..92d4efd
--- /dev/null
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: Setup SSH directory for Dmitry Ilvokhin
+ ansible.builtin.file:
+ path: /home/d/.ssh
+ state: directory
+ owner: d
+ group: d
+ mode: u+rw,g-wx,o-rwx
+
+- name: Update authorized_keys for Dmitry Ilvokhin
+ ansible.posix.authorized_key:
+ user: d
+ state: present
+ key: '{{ item }}'
+ with_file:
+ - misc/pubkeys/d.pub
+
+- name: Configure ssh for Dmitry Ilvokhin
+ ansible.builtin.template:
+ src: misc/dotfiles/ssh/config.j2
+ dest: "~{{ user }}/.ssh/config"
+ owner: "{{ user }}"
+ mode: u+rw,g-rw,o-rw
+ when:
+ - jumphost
+
+- name: Add ssh rc for Dmitry Ilvokhin
+ ansible.builtin.copy:
+ src: misc/dotfiles/ssh/rc
+ dest: "~{{ user }}/.ssh/rc"
+ owner: "{{ user }}"
+ mode: u+rwx,g-rw,o-rw
+ when:
+ - jumphost
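Review bot: The `mode` values in all four tasks are relative symbolic modes, so the resulting permissions depend on the bits the path already has. `u+rw,g-wx,o-rwx` on `/home/d/.ssh` leaves an existing group read bit in place and never guarantees the owner's `x` bit, and `g-rw,o-rw` on `config` and `rc` leaves group/other execute untouched. Because these paths hold the SSH client config and a login-time `rc` script, absolute modes give a deterministic result: `mode: "0700"` for the directory and `rc`, and `mode: "0600"` for `config`. The first two tasks also hard-code `d` and `/home/d` while the jumphost tasks use `{{ user }}`; using one form throughout would keep the role from touching two different accounts if `user` is ever set to another name.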
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index 864934a..f3df2df 100644
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -14,19 +14,3 @@
# Group http required to deploy websites with rsync under personal
# username.
- http
-
-- name: Setup SSH directory for Dmitry Ilvokhin
- ansible.builtin.file:
- path: /home/d/.ssh
- state: directory
- owner: d
- group: d
- mode: u+rw,g-wx,o-rwx
-
-- name: Update authorized_keys for Dmitry Ilvokhin
- ansible.posix.authorized_key:
- user: d
- state: present
- key: '{{ item }}'
- with_file:
- - misc/pubkeys/d.pub