Jérémy Dubois
3d941a99a3
accounts: use a variable for sshd PermitRootLogin
2022-09-02 17:16:30 +02:00
Jérémy Dubois
674a4aa836
update of tags for each tasks and ease the update of scripts
2022-06-23 18:35:39 +02:00
Jérémy Dubois
6667c4b9e8
Syntax : have all task name between quotes
2022-06-23 16:17:42 +02:00
Jérémy Dubois
4506c835c5
Improve syntax of accounts role and fix missing tags
2022-01-06 12:01:22 +01:00
Jérémy Dubois
f0ecc79696
accounts: use "evobsd_internal_group" for SSH authentication
2022-01-05 11:16:18 +01:00
Jérémy Dubois
78686b8730
Stricter ssh and doas access - two separate groups actually needed
...
Fix #34 again
After some discussions, with actually need two separates groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)
We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user need to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
...
continuous-integration/drone/push Build is failing
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Patrick Marchand
98089a3274
Fix yaml lint lines too long
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
In some cases I used block scalars: https://yaml-multiline.info/
In other cases I added newlines
In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html
2020-06-04 12:51:53 -04:00
Patrick Marchand
af7b3b36fe
Ansible-lint and yamllint
...
Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
2020-05-22 11:49:18 -04:00
Jérémy Dubois
10d56cad1e
Correction of the stricter ssh access commit
...
evolinux_ssh_group was missing
2020-04-21 11:27:43 +02:00
Patrick Marchand
8b1ce861e3
Add stricter ssh and doas access
2019-09-19 17:07:01 -04:00
Patrick Marchand
77269a2c3f
Fixed problem with ssh keys
...
ssh key variable is a list of keys, not a single key. Use a loop
and the authorized keys module to fix this.
2019-01-18 09:30:42 -05:00
Tristan PILAT
b555fb1222
Add initial project
2018-12-28 11:23:49 +01:00