Changeset 15389 for main/waeup-ansible


Ignore:
Timestamp:
5 Apr 2019, 23:44:20 (6 years ago)
Author:
uli
Message:

Start vhost 6 after reboots.

Location:
main/waeup-ansible
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • main/waeup-ansible/bootstrap.yml

    r14325 r15389  
    1515    # accounts are active.
    1616    permit_ssh_root: true
     17    # Allow admin users below to become root w/o entering password?
     18    permit_become_root_no_password: true
    1719    # create hashed passwords like this:
    1820    #      $ diceware -d '-' -n 6 --no-caps | tee mypw | mkpasswd -s --method=sha-512 >> mypw
    1921    admin_users:
    20       uli:
    21         hashed_pw: "$6$W3DjhWuk/dDzw2F$ozaXblaUYnEX6NiS9jg.NYFelyPIV8ySxDJGNwbPpTd.oAnmA.754pntuGT1XP.cAcpkCI5b9zWSgOQ09f5HG1"
     22      ulif:
     23        hashed_pw: "$6$iuoXy2wO3elWM6d2$NR/ayKF58q0Bm0BdsR.g.Nt5xYzD0s0t17ZjrYaRpY7nkRekjgHTnqw849pK9FdynmNZAioW6oQBQx3BB5kcd0"
    2224
    2325  roles:

  • main/waeup-ansible/hosts

    r14905 r15389  
    44[vhosts]
    55# localhost:2323 ansible_user=ubuntu ansible_ssh_pass=2d20eb81c5dbe0167f27151c
    6 v1.waeup.org:2323 ansible_user=ubuntu
     6# at least from ubuntu 18.04 on, vagrant is the default user again.
     7v1.waeup.org:2322 ansible_user=ubuntu
    78v2.waeup.org:2323 ansible_user=ubuntu
    8 v3.waeup.org:2324 ansible_user=ubuntu
     9v3.waeup.org:2324 ansible_user=vagrant
    910v4.waeup.org:2325 ansible_user=ubuntu
    1011v5.waeup.org:2326 ansible_user=ubuntu
     12v6.waeup.org:2327 ansible_user=vagrant
    1113
    1214
    1315[bootstrapped]
     16gf5.gnufix.de
     17gf6.gnufix.de
     18gf9.gnufix.de
    1419h8.waeup.org
    1520

  • main/waeup-ansible/playbook-post-reboot.yml

    r15356 r15389  
    9797    args:
    9898      chdir: /home/vhosts/vhost5
     99  - name: Start vagrant vhost6
     100    become_user: vhosts
     101    command: vagrant up
     102    args:
     103      chdir: /home/vhosts/vhost6

  • main/waeup-ansible/roles/openssh/tasks/main.yml

    r13994 r15389  
    88    regexp={{ item.regexp }}
    99  with_items:
     10    - { regexp: '^#HostKey /etc/ssh/ssh_host_rsa_key',
     11        line: 'HostKey /etc/ssh/ssh_host_rsa_key' }
    1012    - { regexp: '^HostKey /etc/ssh/ssh_host_dsa_key',
    1113        line: '# HostKey /etc/ssh/ssh_host_dsa_key' }
    1214    - { regexp: '^HostKey /etc/ssh/ssh_host_ecdsa_key',
    1315        line: '# HostKey /etc/ssh/ssh_host_ecdsa_key' }
     16    - { regexp: '^#HostKey /etc/ssh/ssh_host_ed25519_key',
     17        line: 'HostKey /etc/ssh/ssh_host_ed25519_key' }
    1418  notify: "restart sshd"
    1519
     
    2327  notify: "restart sshd"
    2428
    25 - name: "sshd_config - set secure ciphers from bettercrypto.org"
     29- name: "sshd_config - set secure ciphers from bettercrypto.org (Ubuntu)"
     30  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('16', '<=')
     31       
    2632  lineinfile:
    2733    dest=/etc/ssh/sshd_config
     
    3036  notify: "restart sshd"
    3137
    32 - name: "sshd_config - set secure MACs from bettercrypto.org"
     38- name: "sshd_config - set secure ciphers from bettercrypto.org (Debian)"
     39  when: ansible_distribution == 'Debian'
     40       
    3341  lineinfile:
    3442    dest=/etc/ssh/sshd_config
    35     line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
     43    line='Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
    3644    state=present
    3745  notify: "restart sshd"
    3846
    39 - name: "sshd_config - set secure kex algos from bettercrypto.org"
     47- name: "sshd_config - set secure MACs from bettercrypto.orgi (Ubuntu)"
     48  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('16', '<=')
     49  lineinfile:
     50    dest=/etc/ssh/sshd_config
     51    line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'
     52    state=present
     53  notify: "restart sshd"
     54
     55- name: "sshd_config - set secure MACs from bettercrypto.org and ssh-audit.py (Debian)"
     56  when: ansible_distribution == 'Debian'
     57  lineinfile:
     58    dest=/etc/ssh/sshd_config
     59    line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'
     60    state=present
     61  notify: "restart sshd"
     62
     63
     64- name: "sshd_config - set secure kex algos from bettercrypto.org (Ubuntu)"
     65  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('16', '<=')
    4066  lineinfile:
    4167    dest=/etc/ssh/sshd_config
    4268    line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1'
     69    state=present
     70  notify: "restart sshd"
     71
     72- name: "sshd_config - set secure kex algos from bettercrypto.org (Debian)"
     73  when: ansible_distribution == 'Debian'
     74  lineinfile:
     75    dest=/etc/ssh/sshd_config
     76    line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512'
    4377    state=present
    4478  notify: "restart sshd"
Note: See TracChangeset for help on using the changeset viewer.