Commit Graph

13 Commits

Author SHA1 Message Date
Jérémy Dubois 6a2faf5649 Use a new evobsd_ssl_cert_hostname var instead of ansible_fqdn
On OpenBSD, ansible_fqdn is the reverse of the IP, which is not always properly configured
2024-02-20 15:30:25 +01:00
Jérémy Dubois f0ecc79696 accounts: use "evobsd_internal_group" for SSH authentication 2022-01-05 11:16:18 +01:00
Jérémy Dubois 7b337c2db1 Update README, change needed vars files, edit .gitignore and remove unneeded environment variable 2021-12-17 16:22:31 +01:00
Jérémy Dubois 8a6d16e2dc Add .gitignore 2021-12-15 17:31:59 +01:00
Jérémy Dubois 7046e193e0 Configure the ntpd.conf file and bump version 2021-07-19 15:27:57 +02:00
Jérémy Dubois 5540aea87d Add empty vars_files for them not to generate errors
2020-10-23 10:02:26 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups: evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Patrick Marchand 98089a3274 Fix yaml lint lines too long
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Patrick Marchand af7b3b36fe Ansible-lint and yamllint
Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
2020-05-22 11:49:18 -04:00
Patrick Marchand 67d6c0ab62 revert forgotten extra variables in main 2019-09-19 17:12:21 -04:00
Patrick Marchand 8b1ce861e3 Add stricter ssh and doas access 2019-09-19 17:07:01 -04:00
Tristan PILAT b555fb1222 Add initial project 2018-12-28 11:23:49 +01:00