Jérémy Dubois
a0139688c6
accounts: create only users who have a certain value for the create key (default: always)
2023-06-20 11:03:55 +02:00
Jérémy Dubois
a66e1c1ee9
accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet
2023-06-20 10:41:52 +02:00
Jérémy Dubois
3d941a99a3
accounts: use a variable for sshd PermitRootLogin
2022-09-02 17:16:30 +02:00
Jérémy Dubois
674a4aa836
update of tags for each task and ease the update of scripts
2022-06-23 18:35:39 +02:00
Jérémy Dubois
6667c4b9e8
Syntax: have all task names between quotes
2022-06-23 16:17:42 +02:00
Jérémy Dubois
fe6235f8fb
Multiple fixes
- accounts : the user.yml task has a loop in a loop, var name needs to be changed
- base, kshrc : fix a previously deleted command on which is based the command that follows
- base, ntp : do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois
4506c835c5
Improve syntax of accounts role and fix missing tags
2022-01-06 12:01:22 +01:00
Jérémy Dubois
f0ecc79696
accounts: use "evobsd_internal_group" for SSH authentication
2022-01-05 11:16:18 +01:00
Jérémy Dubois
6613c70446
Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois
4012a014ce
Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
2020-10-22 11:52:54 +02:00
Jérémy Dubois
78686b8730
Stricter ssh and doas access - two separate groups actually needed
Fix #34 again
After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)
We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois
dc2707c004
Fix typo
2020-10-13 16:16:52 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Patrick Marchand
98089a3274
Fix yaml lint lines too long
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Patrick Marchand
af7b3b36fe
Ansible-lint and yamllint
Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
2020-05-22 11:49:18 -04:00
Jérémy Dubois
10d56cad1e
Correction of the stricter ssh access commit
evolinux_ssh_group was missing
2020-04-21 11:27:43 +02:00
Patrick Marchand
8b1ce861e3
Add stricter ssh and doas access
2019-09-19 17:07:01 -04:00
Patrick Marchand
846e9aba0e
Adds admin tag back to ssh-key task
2019-01-18 15:05:37 -05:00
Patrick Marchand
77269a2c3f
Fixed problem with ssh keys
ssh key variable is a list of keys, not a single key. Use a loop
and the authorized keys module to fix this.
2019-01-18 09:30:42 -05:00
Tristan PILAT
b555fb1222
Add initial project
2018-12-28 11:23:49 +01:00