Commit graph

36 commits

Author SHA1 Message Date
David Prevot 0ed1fb9f0a evolinux-base: add wrapper task file for backward compatibility
2023-03-27 16:13:11 +02:00
Jérémy Lecour 958109c3b3 evolinux-base: reorganize ssh section
2023-03-18 18:40:03 +01:00
Jérémy Lecour 3c9be8d913 fix more Ansible syntax 2021-05-09 23:20:15 +02:00
Jérémy Lecour 7283e34077 Replace version_compare() with version() 2020-02-25 10:45:35 +01:00
Jérémy Lecour 79bb6103b8 Change "|version_compare" with "is version_compare" 2019-12-31 10:18:19 +01:00
Jérémy Lecour b31159c9d2 evolinux-base: use "evolinux_internal_group" for SSH authentication 2019-09-22 22:26:21 +02:00
Jérémy Lecour fecdbb0406 evolinux-base: use the variable for the "ssh" group name
2019-06-24 17:08:01 +02:00
Ludovic Poujol 334b8a3f0d evolinux-base: Validate sshd config with "sshd -t"
See #52 - It seems the behaviour changed with the recent releases, -T 
that does an extended test now fails on "Match" blocks when no context 
is given through -C
2019-06-17 09:47:22 +02:00
Jérémy Lecour a94c94018c normalize some arguments positions 2019-01-01 20:02:50 +01:00
Gregory Colpart 20f6371980 typo 2018-05-01 19:38:55 +02:00
Jérémy Lecour 8384e8ba43 evolinux: groups for SSH configuration are used with Debian 10 and later 2018-04-20 14:38:55 +02:00
Jérémy Lecour b01d9178d0 evolinux-users: split AllowGroups/AllowUsers modes
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the user is in that group, to be sure that at least this user
is allowed to connect.

In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour 8abed3e258 Use "command" instead of "shell" where possible 2018-04-04 23:36:00 +02:00
Jérémy Lecour b4e4b14fc6 Invert SSH Match User directives 2017-10-17 10:28:48 +02:00
Jérémy Lecour 13e1c0486b "egrep" is deprecated, use "grep -E" 2017-10-08 22:47:03 +02:00
Jérémy Lecour a07d1d873a evolinux-base: bad group for password restrictions 2017-10-08 12:49:55 +02:00
Jérémy Lecour 6984c121c2 evolinux-base/ssh: syntax clarity
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour 518353268a evolinux-base: logname command doesn't change 2017-10-07 22:56:37 +02:00
Jérémy Lecour 094ad8c28d evolinux-base: improve AllowUsers for current user 2017-10-07 22:17:38 +02:00
Jérémy Lecour 03bc456dfa evolinux-base: allow ssh for current user
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant

This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour 7b88393ccf Refactoring of admin-users + evolinux-base roles
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
  to ensure ssh connections are possible for other users before
  cutting root's access
* evomaintenance is also included in evolinux-base to have it available
  when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour be32fd9a23 Remove useless comments 2017-10-05 00:29:14 +02:00
Jérémy Lecour 3a9b95cedc evolinux-base: fallback with warning for ssh without addresses 2017-09-14 14:26:00 +02:00
Gregory Colpart a074f6488a we use now evolinux-sudo group to set sudo rights 2017-09-08 01:26:53 +02:00
Gregory Colpart 5226082db0 evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all
(will be probably generalized to others modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S. a95d7893c5 Add a comment about AcceptEnv 2017-08-18 14:37:34 +02:00
Gregory Colpart d82b12b614 fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall) 2017-08-18 04:13:56 +02:00
Jérémy Lecour 4b8456c5b7 Fix ssh security policy 2017-08-05 12:13:42 -04:00
Jérémy Lecour adc3bd7a93 Fix ssh LogLevel
* the directive can be present but commented
* the version comparison was wrong
2017-07-19 13:49:08 +02:00
Jérémy Lecour d3af1320c9 SSH: log level to verbose for Stretch and later 2017-06-14 15:53:15 +02:00
Jérémy Lecour 5b2ab0d8d3 Ansible >= 2.2 supported 2017-03-24 14:15:09 +01:00
Jérémy Lecour 8920ff1ee4 Add "always_run: yes" where it's pertinent
There is also the "check_mode: no", but commented,
for when we switch to Ansible 2.2
2017-01-31 11:45:35 +01:00
Jérémy Lecour e1654414ea evolinux-base: flush handlers at end of each include 2017-01-03 17:02:23 +01:00
Jérémy Lecour 130e1f2b0e evolinux-base: add conditions for most of tasks 2017-01-03 16:38:04 +01:00
Jérémy Lecour 17ed9bc28e evolinux-base: SSH MatchAddress skips when empty array 2017-01-03 11:44:20 +01:00
Jérémy Lecour b2971d1f7d evolinux-base: add ssh.yml
* disable root login
* list authorized addresses
* disable AcceptEnv
2016-12-27 14:04:12 +01:00