From 05007804c0ab618363eb07e0ed0e481cc834fcf1 Mon Sep 17 00:00:00 2001
From: Aine
Date: Sat, 18 Mar 2023 21:50:27 +0200
Subject: [PATCH] add sshd management
---
 docs/services/system.md | 29 +++++++++++++++++++++++++++++
 requirements.yml | 3 +++
 setup.yml | 2 ++
 3 files changed, 34 insertions(+)
diff --git a/docs/services/system.md b/docs/services/system.md
index 8091cf7..bfd4d0e 100644
--- a/docs/services/system.md
+++ b/docs/services/system.md
@@ -35,3 +35,32 @@ To avoid these calculations and set your own size explicitly, set the `system_sw
 ```yaml
 system_swap_size: 4096
 ```
+
+### ssh
+
+> **Warning**: advanced functionality! While the default config with a few adjustments was battle tested on hundreds of servers,
+> you should use it with caution and verify everything before you apply the changes!
+
+To enable [ssh server](https://www.openssh.com/) config and authorized/unauthorized keys management, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+# #
+# system #
+# #
+########################################################################
+
+system_security_ssh_enabled: true
+system_security_ssh_authorizedkeys: [] # list of authorized public keys
+system_security_ssh_unauthorizedkeys: [] # list of unauthorized/revoked public keys
+
+########################################################################
+# #
+# /system #
+# #
+########################################################################
+```
+
+[Default configuration](https://gitlab.com/etke.cc/roles/ssh/-/blob/main/defaults/main.yml) is good enough as-is, but we strongly suggest you to **verify everything before applying any changes!**, otherwise you may lock yourself out.
+
+There are various of different configuration options - check the defaults and adjust them to your needs.
diff --git a/requirements.yml b/requirements.yml
index 4c7420b..e666944 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -6,6 +6,9 @@
 - src: git+https://gitlab.com/etke.cc/roles/swap
 version: 33ce32b065276a96b7e2562752f3a63913ed5480
+- src: git+https://gitlab.com/etke.cc/roles/ssh
+ version: 7458ce11f26822427eb5dc7356e59b3bd2399f7b
+
 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
 version: 129c8590e106b83e6f4c259649a613c6279e937a
diff --git a/setup.yml b/setup.yml
index 1a1f7e8..8c329d5 100644
--- a/setup.yml
+++ b/setup.yml
@@ -39,6 +39,8 @@
 - role: galaxy/swap
+ - role: galaxy/ssh
+
 # This role exposes various tags (setup-postgres, setup-all, upgrade-postgres, import-postgres, etc.), so we don't tag it here.
 - role: galaxy/com.devture.ansible.role.postgres
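Review bot: In requirements.yml the ssh role is pinned to commit `7458ce11f26822427eb5dc7356e59b3bd2399f7b`, but the documentation added in this same patch sends readers to the defaults on the `main` branch, so the settings an operator reviews before enabling sshd management may not be the ones this pin installs. Since the docs ask users to verify everything to avoid a lock-out, the link should track the pin, e.g. `https://gitlab.com/etke.cc/roles/ssh/-/blob/7458ce11f26822427eb5dc7356e59b3bd2399f7b/defaults/main.yml`. A comment above the entry such as `# keep the defaults link in docs/services/system.md in sync with this version` would help whoever bumps the pin next.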
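Review bot: In setup.yml the `galaxy/ssh` role is added to the play unconditionally, so whether sshd configuration and authorized keys are touched on an existing host depends entirely on the role's own default for `system_security_ssh_enabled`, which is not visible in this patch. The docs describe the feature as opt-in, so the default is presumably false; stating that next to the entry, e.g. `# no-op unless system_security_ssh_enabled is true (role default: false)`, would make the assumption checkable. The documented example also enables the role with `system_security_ssh_authorizedkeys: []`; if the role's defaults restrict password logins, it is worth confirming how an empty list is handled before someone copies the snippet verbatim. The role list continues outside the hunk.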