Common: Configure sshd

2023-09-12 00:35:35 +02:00 · 2023-09-12 00:35:35 +02:00 · f746583d52
commit f746583d52
parent 6263251e58
3 changed files with 68 additions and 0 deletions
--- a/coreos-config/group_vars/all/vault.yaml
+++ b/coreos-config/group_vars/all/vault.yaml
@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.2;AES256;secrets
+61326166343132303034623663646238316263313832303164636539643039653530323537613030
+3733303163623763353765386332653832353862323262320a313766323336393933623736653834
+34643932613563646332633437323135656437613335333362383464613061383935323661656433
+3032376366323234660a316635626139373136316136633738663034613066653665353836383339
+36383266633566653866363465633331303134373130626138616431313132333631646165326434
+34303431376434346535373665633939643230646336653431373063333264393562303035383162
+36323439346464336134343639366464636362363635306139323238363130383362323330653530
+30643366623964643037353031626532313465303061666563616439666661653131313438316162
+61373165393161633139633265363064353664613763616136383536633931323335306631356330
+31373631353237346362633062326338366537643539363630396437373237633736366165393431
+39363562373035353165336566613739303132373435616532363662633535356564303431626539
+63376263623334643733613831343861343932363739363566303165666335306430396564343135
+37626663656665383864326166313566643937656362396236356462623737343235313962633666
+3838623136396663383432613764623266626533663866353762
--- a/coreos-config/plays/common.yaml
+++ b/coreos-config/plays/common.yaml
@ -1,3 +1,54 @@
+- name: Setup SSH Config
+  hosts: all
+  become: true
+  become_user: root
+  tags:
+    - setup_ssh
+    - setup
+  tasks:
+    - name: Authorized_keys dir present
+      ansible.builtin.file:
+        state: directory
+        path: /etc/ssh/authorized_keys
+        owner: root
+        group: root
+        mode: '0755'
+    - name: Deploy CI SSH-Key
+      ansible.posix.authorized_key:
+        user: "{{ ansible_user }}"
+        state: present
+        manage_dir: false
+        path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
+        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/2H7n27J7/xFAyQpE7r29UxTP5jttLRe6RhAC/Ndam drone-deploy"
+    - name: Deploy Common SSH-Keys
+      ansible.posix.authorized_key:
+        user: "{{ ansible_user }}"
+        state: present
+        manage_dir: false
+        path: "/etc/ssh/authorized_keys/{{ ansible_user }}"
+        key: "{{ item }}"
+      loop: "{{ common.ssh.authorized_keys }}"
+    - name: Ensure authorized_keys ownership
+      ansible.builtin.file:
+        state: directory
+        path: /etc/ssh/authorized_keys
+        owner: root
+        group: root
+        mode: "u=rwX,g=rX,o=rX"
+        recurse: true
+    - name: Configure sshd
+      ansible.builtin.template:
+        src: 'sshd_config.j2'
+        dest: '/etc/ssh/sshd_config.d/99-override.conf'
+        owner: root
+        group: root
+        mode: '0600'
+    - name: Remove Keys Config
+      ansible.builtin.file:
+        state: absent
+        path: /etc/ssh/ssh_config.d/40-ssh-key-dir.conf
+
+
 - name: Backup
  hosts: backup
  become: true
@ -135,6 +186,7 @@
  tags:
    - never
    - setup_monitoring
+    - setup
  tasks:
    - name: Login to Kuma
      delegate_to: localhost
--- a/coreos-config/plays/templates/sshd_config.j2
+++ b/coreos-config/plays/templates/sshd_config.j2
@ -0,0 +1 @@
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u
				`@ -0,0 +1 @@`
				`AuthorizedKeysFile /etc/ssh/authorized_keys/%u`