parent
6263251e58
commit
f746583d52
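--- a/coreos-config/group_vars/all/vault.yaml
+++ b/coreos-config/group_vars/all/vault.yaml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+61326166343132303034623663646238316263313832303164636539643039653530323537613030
+3733303163623763353765386332653832353862323262320a313766323336393933623736653834
+34643932613563646332633437323135656437613335333362383464613061383935323661656433
+3032376366323234660a316635626139373136316136633738663034613066653665353836383339
+36383266633566653866363465633331303134373130626138616431313132333631646165326434
+34303431376434346535373665633939643230646336653431373063333264393562303035383162
+36323439346464336134343639366464636362363635306139323238363130383362323330653530
+30643366623964643037353031626532313465303061666563616439666661653131313438316162
+61373165393161633139633265363064353664613763616136383536633931323335306631356330
+31373631353237346362633062326338366537643539363630396437373237633736366165393431
+39363562373035353165336566613739303132373435616532363662633535356564303431626539
+63376263623334643733613831343861343932363739363566303165666335306430396564343135
+37626663656665383864326166313566643937656362396236356462623737343235313962633666
+3838623136396663383432613764623266626533663866353762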
@ -1,3 +1,54 @@
|
|||||||
|
- name: Setup SSH Config
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
tags:
|
||||||
|
- setup_ssh
|
||||||
|
- setup
|
||||||
|
tasks:
|
||||||
|
- name: Authorized_keys dir present
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/ssh/authorized_keys
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
- name: Deploy CI SSH-Key
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: "{{ ansible_user }}"
|
||||||
|
state: present
|
||||||
|
manage_dir: false
|
||||||
|
path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
|
||||||
|
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/2H7n27J7/xFAyQpE7r29UxTP5jttLRe6RhAC/Ndam drone-deploy"
|
||||||
|
- name: Deploy Common SSH-Keys
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: "{{ ansible_user }}"
|
||||||
|
state: present
|
||||||
|
manage_dir: false
|
||||||
|
path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
|
||||||
|
key: "{{ item }}"
|
||||||
|
loop: "{{ common.ssh.authorized_keys }}"
|
||||||
|
- name: Ensure authorized_keys ownership
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/ssh/authorized_keys
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "u=rwX,g=rX,o=rX"
|
||||||
|
recurse: true
|
||||||
|
- name: Configure sshd
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: 'sshd_config.j2'
|
||||||
|
dest: '/etc/ssh/sshd_config.d/99-override.conf'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
- name: Remove Keys Config
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: absent
|
||||||
|
path: /etc/ssh/ssh_config.d/40-ssh-key-dir.conf
|
||||||
|
|
||||||
|
|
||||||
- name: Backup
|
- name: Backup
|
||||||
hosts: backup
|
hosts: backup
|
||||||
become: true
|
become: true
|
||||||
@ -135,6 +186,7 @@
|
|||||||
tags:
|
tags:
|
||||||
- never
|
- never
|
||||||
- setup_monitoring
|
- setup_monitoring
|
||||||
|
- setup
|
||||||
tasks:
|
tasks:
|
||||||
- name: Login to Kuma
|
- name: Login to Kuma
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
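Review bot: The `Remove Keys Config` task deletes `/etc/ssh/ssh_config.d/40-ssh-key-dir.conf`, which is the client-side directory, while the override in the same play is written under `/etc/ssh/sshd_config.d/`. If the file meant is the sshd drop-in, the task is a no-op and whatever key source that drop-in configures stays active alongside the new `AuthorizedKeysFile`; the path should then read `path: /etc/ssh/sshd_config.d/40-ssh-key-dir.conf`. The `Configure sshd` task has no `validate:` and nothing visible in the play reloads sshd, so a broken template is only noticed at the next restart; consider `validate: /usr/sbin/sshd -t -f %s` and a `notify:` handler. Both `authorized_key` tasks only ever add keys, so an entry dropped from `common.ssh.authorized_keys` stays authorized on the hosts until it is removed by hand.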
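--- a/coreos-config/plays/templates/sshd_config.j2
+++ b/coreos-config/plays/templates/sshd_config.j2
@@ -0,0 +1 @@
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u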
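Review bot: sshd keeps the first value it reads for each keyword, so this `AuthorizedKeysFile` line only wins if nothing parsed before it sets the same keyword, and the playbook installs it as `99-override.conf`, which sorts last among the drop-ins. If the file is meant to take precedence, a low prefix such as `00-` is safer, and the effective value can be confirmed on a host with `sshd -T`. A first line such as `# {{ ansible_managed }}` would also tell an admin on the host that the file is templated and will be overwritten.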