Jérémy Dubois
6613c70446
Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
...
continuous-integration/drone/push Build is failing
This reverts commit 4012a014ce
.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois
4012a014ce
Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
continuous-integration/drone/push Build is failing
2020-10-22 11:52:54 +02:00
Jérémy Dubois
78686b8730
Stricter ssh and doas access - two separate groups actually needed
...
Fix #34 again
After some discussions, with actually need two separates groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)
We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user need to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois
dc2707c004
Fix typo
continuous-integration/drone/push Build is failing
2020-10-13 16:16:52 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
...
continuous-integration/drone/push Build is failing
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Patrick Marchand
98089a3274
Fix yaml lint lines too long
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Patrick Marchand
af7b3b36fe
Ansible-lint and yamllint
...
Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
2020-05-22 11:49:18 -04:00
Jérémy Dubois
10d56cad1e
Correction of the stricter ssh access commit
...
evolinux_ssh_group was missing
2020-04-21 11:27:43 +02:00
Patrick Marchand
8b1ce861e3
Add stricter ssh and doas access
2019-09-19 17:07:01 -04:00
Patrick Marchand
846e9aba0e
Adds admin tag back to ssh-key task
2019-01-18 15:05:37 -05:00
Patrick Marchand
77269a2c3f
Fixed problem with ssh keys
...
ssh key variable is a list of keys, not a single key. Use a loop
and the authorized keys module to fix this.
2019-01-18 09:30:42 -05:00
Tristan PILAT
b555fb1222
Add initial project
2018-12-28 11:23:49 +01:00