accounts: use "evobsd_internal_group" for SSH authentication

CHANGELOG

@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- accounts: use "evobsd_internal_group" for SSH authentication
+
 ### Fixed
 
 ### Removed

roles/accounts/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+- name: "Create {{ evobsd_internal_group }} group"
+  group:
+    name: "{{ evobsd_internal_group }}"
+    system: true
+
 - name: "Create {{ evobsd_ssh_group }} group"
   group:
     name: "{{ evobsd_ssh_group }}"
@@ -69,7 +74,7 @@
     block: |
       Match Address {{ evolix_trusted_ips | join(',') }}
           PasswordAuthentication yes
-      Match Group {{ evobsd_ssh_group }}
+      Match Group {{ evobsd_internal_group }}
           PasswordAuthentication no
     insertafter: EOF
     validate: '/usr/sbin/sshd -t -f %s'

roles/accounts/tasks/user.yml

@@ -38,6 +38,14 @@
   tags:
     - admin
 
+- name: "Add {{ user.name }} to {{ evobsd_internal_group }} group"
+  user:
+    name: "{{ user.name }}"
+    groups: "{{ evobsd_internal_group }}"
+    append: true
+  tags:
+    - admin
+
 - name: "Add {{ user.name }} to {{ evobsd_ssh_group }} group"
   user:
     name: "{{ user.name }}"

vars/main.yml

@@ -23,6 +23,7 @@
 # evomaintenance_urgency_from: mama.doe@example.com
 # evomaintenance_urgency_tel: "06.00.00.00.00"
 #
+# evobsd_internal_group: "foo"
 # evobsd_ssh_group: "foo-ssh"
 # evobsd_sudo_group: "foo-sudo"
 #