Commit graph

14 commits

Author SHA1 Message Date
Jérémy Dubois 674a4aa836 update of tags for each task and ease the update of scripts 2022-06-23 18:35:39 +02:00
Jérémy Dubois 6667c4b9e8 Syntax: have all task names between quotes 2022-06-23 16:17:42 +02:00
Jérémy Dubois fe6235f8fb Multiple fixes
- accounts: the user.yml task has a loop in a loop, var name needs to be changed
- base, kshrc: fix a previously deleted command on which the command that follows is based
- base, ntp: do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois 4506c835c5 Improve syntax of accounts role and fix missing tags 2022-01-06 12:01:22 +01:00
Jérémy Dubois f0ecc79696 accounts: use "evobsd_internal_group" for SSH authentication 2022-01-05 11:16:18 +01:00
Jérémy Dubois 6613c70446 Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
Some checks failed
continuous-integration/drone/push Build is failing
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois 4012a014ce Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-22 11:52:54 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois dc2707c004 Fix typo
Some checks failed
continuous-integration/drone/push Build is failing
2020-10-13 16:16:52 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Some checks failed
continuous-integration/drone/push Build is failing
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups: evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois 10d56cad1e Correction of the stricter ssh access commit
evolinux_ssh_group was missing
2020-04-21 11:27:43 +02:00
Patrick Marchand 8b1ce861e3 Add stricter ssh and doas access 2019-09-19 17:07:01 -04:00
Patrick Marchand 846e9aba0e Adds admin tag back to ssh-key task 2019-01-18 15:05:37 -05:00
Patrick Marchand 77269a2c3f Fixed problem with ssh keys
ssh key variable is a list of keys, not a single key. Use a loop
and the authorized keys module to fix this.
2019-01-18 09:30:42 -05:00