add sshd management
parent
1f12014a52
commit
05007804c0
3 changed files with 34 additions and 0 deletions
|
@ -35,3 +35,32 @@ To avoid these calculations and set your own size explicitly, set the `system_sw
|
||||||
```yaml
|
```yaml
|
||||||
system_swap_size: 4096
|
system_swap_size: 4096
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### ssh
|
||||||
|
|
||||||
|
> **Warning**: advanced functionality! While the default config with a few adjustments was battle tested on hundreds of servers,
|
||||||
|
> you should use it with caution and verify everything before you apply the changes!
|
||||||
|
|
||||||
|
To enable [ssh server](https://www.openssh.com/) config and authorized/unauthorized keys management, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# system #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
system_security_ssh_enabled: true
|
||||||
|
system_security_ssh_authorizedkeys: [] # list of authorized public keys
|
||||||
|
system_security_ssh_unauthorizedkeys: [] # list of unauthorized/revoked public keys
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /system #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
[Default configuration](https://gitlab.com/etke.cc/roles/ssh/-/blob/main/defaults/main.yml) is good enough as-is, but we strongly suggest you to **verify everything before applying any changes!**, otherwise you may lock yourself out.
|
||||||
|
|
||||||
|
There are various of different configuration options - check the defaults and adjust them to your needs.
|
||||||
|
|
|
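Review bot: the sample `vars.yml` block pairs `system_security_ssh_enabled: true` with `system_security_ssh_authorizedkeys: []`, and the text never says what an empty list does to keys already present on the server, which is exactly the lockout case the warning is about. State whether an empty list leaves existing keys untouched or removes them, and what happens when the same key appears in both the authorized and unauthorized lists. In the closing paragraphs, "we strongly suggest you to" and "There are various of different configuration options" need a grammar pass, and "verify everything" would be more useful if it named a concrete check, such as keeping the current session open while testing a new login.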
@ -6,6 +6,9 @@
|
||||||
- src: git+https://gitlab.com/etke.cc/roles/swap
|
- src: git+https://gitlab.com/etke.cc/roles/swap
|
||||||
version: 33ce32b065276a96b7e2562752f3a63913ed5480
|
version: 33ce32b065276a96b7e2562752f3a63913ed5480
|
||||||
|
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/ssh
|
||||||
|
version: 7458ce11f26822427eb5dc7356e59b3bd2399f7b
|
||||||
|
|
||||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||||
version: 129c8590e106b83e6f4c259649a613c6279e937a
|
version: 129c8590e106b83e6f4c259649a613c6279e937a
|
||||||
|
|
||||||
|
|
|
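Review bot: the new `roles/ssh` entry is pinned at `version: 7458ce11f26822427eb5dc7356e59b3bd2399f7b`, but the docs added in this same commit link to the role's defaults on `main` (`/-/blob/main/defaults/main.yml`), so a reader may review defaults that differ from what the pinned revision actually installs. Point the docs link at the pinned commit, or state in the docs that the pinned version is the one that applies.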
@ -39,6 +39,8 @@
|
||||||
|
|
||||||
- role: galaxy/swap
|
- role: galaxy/swap
|
||||||
|
|
||||||
|
- role: galaxy/ssh
|
||||||
|
|
||||||
# This role exposes various tags (setup-postgres, setup-all, upgrade-postgres, import-postgres, etc.), so we don't tag it here.
|
# This role exposes various tags (setup-postgres, setup-all, upgrade-postgres, import-postgres, etc.), so we don't tag it here.
|
||||||
- role: galaxy/com.devture.ansible.role.postgres
|
- role: galaxy/com.devture.ansible.role.postgres
|
||||||
|
|
||||||
|
|
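Review bot: `- role: galaxy/ssh` is added to the play with no tags and no condition visible in this hunk, while the docs present the feature as opt-in through `system_security_ssh_enabled: true`. Confirm the role does nothing when that variable is unset or false, and add a short comment above the entry saying so, in the style of the comment on the postgres role just below it, since this role manages sshd config and authorized keys on every run of the play.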