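# TODO: create a second virsh network interface.
# For now we will just run the second ssh instance on port 23.
# NOTE(review): 23 is the well-known telnet port, so expect telnet-oriented
# scan and login noise on this listener, and check that firewall or IDS
# rules written for telnet do not block or misclassify it.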
# Install the two sshd configuration files into /etc/ssh, owned by root and
# writable by root only. The copy module ships them verbatim: nothing is
# templated even though the sources live under templates/.
# NOTE(review): there is no `validate:` step, so a syntax error in either
# file only surfaces when the daemon is (re)started. `sshd -t -f %s` is the
# usual check, but it also sanity-checks host keys, and this file generates
# the mirror host keys in a later task - confirm ordering before adding it.
- name: copy ssh daemon configs
  copy:
    src: "{{ role_path }}/templates/{{ item }}"
    dest: "/etc/ssh/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - sshd_config
    - sshd_mirror_config
# Install the systemd unit for the second ssh instance. The unit is
# root-owned and world-readable, which is the normal mode for unit files.
# NOTE(review): systemd only picks up an edited unit file after a
# daemon-reload, and nothing in this task triggers one.
- name: copy ssh-mirror.service
  copy:
    src: "{{ role_path }}/templates/ssh-mirror.service"
    dest: "/etc/systemd/system/ssh-mirror.service"
    owner: root
    group: root
    mode: "0644"
# Generate passphrase-less host keys for both ssh instances. `creates`
# turns each ssh-keygen call into a no-op once the key file exists, so
# existing host keys are never regenerated and clients see no key change.
# No -b is passed: key sizes are whatever the installed ssh-keygen defaults
# to.
# Open question from the original author: is ssh_host_dsa_key or
# ssh_host_ecdsa_key used anywhere?
# NOTE(review): DSA host keys are limited to 1024 bits and ssh-dss has been
# disabled by default since OpenSSH 7.0; recent OpenSSH releases build
# without DSA or remove it, in which case the `-t dsa` item makes this task
# fail. Drop that item once sshd_config is confirmed not to reference it.
- name: generate keys for sshd
  command:
    cmd: >
      ssh-keygen -q
      -t {{ item.type }}
      -f /etc/ssh/{{ item.file }}
      -N ""
    creates: /etc/ssh/{{ item.file }}
  loop:
    - file: ssh_host_dsa_key
      type: dsa
    - file: ssh_host_ecdsa_key
      type: ecdsa
    - file: ssh_host_ed25519_key
      type: ed25519
    - file: ssh_host_rsa_key
      type: rsa
    - file: ssh_mirror_ed25519_key
      type: ed25519
    - file: ssh_mirror_rsa_key
      type: rsa
# Create ~/.ssh for the mirror and push accounts, owned by the account and
# closed to everyone else (0700), which is what sshd's StrictModes check
# expects of a user's ssh directory.
# NOTE(review): assumes the mirror and push users and groups already exist
# (created elsewhere) - confirm against the rest of the role.
- name: create .ssh for mirror and push
  file:
    path: "/home/{{ item }}/.ssh"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
    state: directory
  loop:
    - mirror
    - push
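# Make sure each account has an authorized_keys file with the expected
# owner and mode. Key material itself is not managed by this task.
# `state: touch` creates the file when it is missing; the file module's
# default (`state: file`) only adjusts an existing file and fails when the
# path is absent, so the task could not "create" anything as written.
# Preserving both timestamps keeps the task idempotent on re-runs.
# 0644 passes sshd's StrictModes check (not group/world-writable); 0600 is
# the tighter choice if only the owner needs to read the file.
- name: create authorized_keys files for mirror and push
  file:
    path: "/home/{{ item }}/.ssh/authorized_keys"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0644"
    state: touch
    modification_time: preserve
    access_time: preserve
  loop:
    - mirror
    - push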
# Generate an RSA client keypair for the mirror account, once (`creates`
# skips the command when id_rsa already exists). The key has an empty
# passphrase, so file permissions are its only protection.
# NOTE(review): no become_user or ownership fix-up is set here, so the key
# files belong to whichever user runs ssh-keygen. If the play runs as root,
# id_rsa ends up root-owned inside mirror's 0700 directory - confirm the
# mirror user can actually read it.
# NOTE(review): no -b is given, so the RSA size is the ssh-keygen default;
# ed25519 (already used for host keys in this file) may be an option if
# every peer supports it.
- name: generate key for mirror user
  command:
    cmd: >
      ssh-keygen -q
      -t rsa
      -f /home/mirror/.ssh/id_rsa
      -N ""
    creates: /home/mirror/.ssh/id_rsa
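# Start the second ssh instance and enable it at boot.
# daemon_reload makes systemd re-read unit files first, so a new or edited
# ssh-mirror.service on disk is the definition that gets started/enabled.
# `enabled` uses the canonical boolean instead of `yes`.
# NOTE(review): `state: started` leaves an already-running ssh-mirror
# untouched, so a changed sshd_mirror_config or unit file does not take
# effect until the service is restarted by some other means.
- name: start and enable ssh-mirror
  systemd:
    name: ssh-mirror
    state: started
    enabled: true
    daemon_reload: true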
# Restart the primary ssh service so the sshd_config on disk takes effect.
# The task has no condition, so the restart happens on every run.
# NOTE(review): nothing in the tasks visible here validates sshd_config
# before this point; with a broken config the restart leaves the host
# without a listener for new ssh connections. Keep an existing session open
# when changing the config, and consider a validated copy plus a handler.
- name: restart ssh
  systemd:
    name: ssh
    state: restarted