Jérémy Dubois
2bf8a7e872
Some checks failed
continuous-integration/drone/push Build is failing
Fix #34 We now use a unique evobsd_group (evolix by default). Each user has 2 groups : evobsd_group and user.name. Only evobsd_group can ssh to server and use doas. I also added a password restrictions block for IPs/group. And we make sure the home folder is only readable by owner.
38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
---
|
|
########################################################
|
|
## Edit and uncomment to overwrite the default values ##
|
|
########################################################
|
|
|
|
# ntpd_servers:
|
|
# - "ntp.evolix.net"
|
|
#
|
|
# general_alert_email: "root@localhost"
|
|
# general_technical_realm: "example.com"
|
|
#
|
|
# evomaintenance_realm: "example.com"
|
|
# evomaintenance_alert_email:
|
|
# "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
|
|
# evomaintenance_hostname:
|
|
# "{{ inventory_hostname }}.{{ general_technical_realm }}"
|
|
# evomaintenance_pg_host: Null
|
|
# evomaintenance_pg_passwd: Null
|
|
# evomaintenance_pg_db: Null
|
|
# evomaintenance_pg_table: Null
|
|
# evomaintenance_from_domain: "{{ evomaintenance_realm }}"
|
|
# evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
|
|
# evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
|
|
# evomaintenance_urgency_from: mama.doe@example.com
|
|
# evomaintenance_urgency_tel: "06.00.00.00.00"
|
|
#
|
|
evobsd_group: "evolix"
|
|
#
|
|
# evolix_users:
|
|
# foo:
|
|
# name: foo
|
|
# uid: 1042
|
|
# fullname: 'Foo Bar (Evolix)'
|
|
# groups: []
|
|
# password_hash_openbsd: ''
|
|
# ssh_keys:
|
|
# - 'ssh-rsa XXXXXXX'
|