commit 5babafef05fa71dc55a9f53fb0a732da6dd7cfcb
parent cb3e89a2b8422b7b19a147330d512e7cbed58f77
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 16:21:31 +0100
parent cb3e89a2b8422b7b19a147330d512e7cbed58f77
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 16:21:31 +0100
roles/common: remove sshd setup
5 files changed, 0 insertions(+), 212 deletions(-)
D
|
148
-------------------------------------------------------------------------------
diff --git a/roles/common/files/sshd/alpine-sshd_config.patch b/roles/common/files/sshd/alpine-sshd_config.patch
@@ -1,29 +0,0 @@
---- sshd_config
-+++ /etc/ssh/sshd_config
-@@ -29,7 +29,7 @@
- # Authentication:
-
- #LoginGraceTime 2m
--PermitRootLogin yes
-+PermitRootLogin prohibit-password
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
-@@ -54,7 +54,7 @@
- #IgnoreRhosts yes
-
- # To disable tunneled clear text passwords, change to no here!
--#PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
-
- # Change to no to disable s/key passwords
-@@ -83,7 +83,7 @@
-
- #AllowAgentForwarding yes
- # Feel free to re-enable these if your use case requires them.
--AllowTcpForwarding no
-+AllowTcpForwarding yes
- GatewayPorts no
- X11Forwarding no
- #X11DisplayOffset 10
diff --git a/roles/common/files/sshd/archlinux-sshd_config.patch b/roles/common/files/sshd/archlinux-sshd_config.patch
@@ -1,20 +0,0 @@
---- /etc/ssh/sshd_config 2020-12-09 09:49:18.056072245 +0100
-+++ sshd_config 2020-12-09 11:20:20.876447415 +0100
-@@ -29,7 +33,7 @@
- # Authentication:
-
- #LoginGraceTime 2m
--PermitRootLogin prohibit-password
-+PermitRootLogin yes
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
-@@ -54,7 +58,7 @@
- #IgnoreRhosts yes
-
- # To disable tunneled clear text passwords, change to no here!
--PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
-
- # Change to no to disable s/key passwords
diff --git a/roles/common/files/sshd/nftables-rule.nft b/roles/common/files/sshd/nftables-rule.nft @@ -1,8 +0,0 @@ -#!/usr/sbin/nft -f - -table inet firewall { - chain inbound { - # Allow ssh. - tcp dport ssh accept comment "sshd" - } -}- \ No newline at end of file
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml @@ -19,9 +19,6 @@ - include: network_alpine.yml when: ansible_distribution == "Alpine" -# - include: network_archlinux.yml -# when: ansible_distribution == "Archlinux" - - include: network_ip-forwarding.yml when: network.ipForwarding is defined @@ -34,9 +31,6 @@ - include: sudo.yml when: system.enableSudo is defined -- include: sshd.yml - when: system.enableSSH is defined - - include: users.yml when: system.users is defined
diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml
@@ -1,148 +0,0 @@
----
-
-- name: "[Alpine] Install package: openssh"
- apk:
- name: openssh
- state: present
- update_cache: yes
- when:
- - ansible_distribution == "Alpine"
- - system.enableSSH is true
-
-- name: "[Archlinux] Install package: openssh"
- pacman:
- name: openssh
- state: present
- update_cache: yes
- when:
- - ansible_distribution == "Archlinux"
- - system.enableSSH is true
-
-
-# need to add message that this file is managed by ansible
-- name: "[Alpine] Patch file: /etc/ssh/sshd_config"
- patch:
- src: sshd/alpine-sshd_config.patch
- dest: /etc/ssh/sshd_config
- register: sshdConfig
- when:
- - ansible_distribution == "Alpine"
- - system.enableSSH is true
-
-# need to add message that this file is managed by ansible
-- name: "[Archlinux] Patch file: /etc/ssh/sshd_config"
- patch:
- src: sshd/archlinux-sshd_config.patch
- dest: /etc/ssh/sshd_config
- register: sshdConfig
- when:
- - ansible_distribution == "Archlinux"
- - system.enableSSH is true
-
-
-- name: "[nftables] Create rule for: sshd"
- copy:
- src: sshd/nftables-rule.nft
- dest: /etc/nftables.d/sshd.nft
- when:
- - network.nftables.enable is true
- - system.enableSSH is true
-
-- name: "[OpenRC] Restart service: nftables"
- service:
- name: nftables
- state: restarted
- when:
- - ansible_service_mgr == "openrc"
- - network.nftables.enable is true
- - system.enableSSH is true
-
-- name: "[systemd] Restart service: nftables"
- systemd:
- name: nftables
- state: restarted
- when:
- - ansible_service_mgr == "systemd"
- - network.nftables.enable is true
- - system.enableSSH is true
-
-
-- name: "[OpenRC] Enable and start service: sshd"
- service:
- name: sshd
- enabled: yes
- state: started
- when:
- - ansible_service_mgr == "openrc"
- - system.enableSSH is true
-
-- name: "[systemd] Enable and start service: sshd"
- systemd:
- name: sshd
- enabled: yes
- state: started
- when:
- - ansible_service_mgr == "systemd"
- - system.enableSSH is true
-
-
-- name: "[OpenRC] Restart start service: sshd (to deploy new config)"
- service:
- name: sshd
- state: started
- when:
- - ansible_service_mgr == "openrc"
- - system.enableSSH is true
- - sshdConfig.changed
-
-- name: "[systemd] Enable and start service: sshd (to deploy new config)"
- systemd:
- name: sshd
- state: restarted
- when:
- - ansible_service_mgr == "systemd"
- - system.enableSSH is true
- - sshdConfig.changed
-
-
-
-- name: "[OpenRC] Disable and stop service: sshd"
- service:
- name: sshd
- enabled: no
- state: stopped
- when:
- - ansible_service_mgr == "openrc"
- - system.enableSSH is false
-
-- name: "[systemd] Disable and stop service: sshd"
- systemd:
- name: sshd
- enabled: no
- state: stopped
- when:
- - ansible_service_mgr == "systemd"
- - system.enableSSH is false
-
-
-- name: "[Alpine] Remove package: openssh"
- apk:
- name: openssh
- state: absent
- when:
- - ansible_distribution == "Alpine"
- - system.enableSSH is false
-
-- name: "[Archlinux] Remove package: openssh"
- pacman:
- name: openssh
- state: absent
- when:
- - ansible_distribution == "Archlinux"
- - system.enableSSH is false
-
-- name: "Delete directory: /etc/ssh"
- file:
- path: /etc/ssh
- mode: absent
- when: system.enableSSH is false