Optimized different roles

Kevin Veen-Birkenbach 2022-03-17 16:28:57 +01:00
parent 828155f4dc
commit 19354e7cfb
5 changed files with 37 additions and 23 deletions

@ -22,16 +22,8 @@
become: true
roles:
- native-wireguard-behind-firewall
- name: setup replica backup hosts
hosts: replica_backup_hosts
become: true
roles:
- role: native-pull-primary-backups
- name: setup backups cleanup
hosts: backups_cleanup
become: true
roles:
- role: native-backups-cleanup
# Native Webserver Roles
- name: setup homepages
hosts: homepage_hosts
become: true
@ -39,6 +31,15 @@
- role: native-homepage
vars:
domain: "{{top_domain}}"
- name: setup redirect hosts
hosts: redirect_hosts
become: true
roles:
- role: native-https-redirect
vars:
domain_mappings: "{{redirect_domain_mappings}}"
# Docker Roles
- name: setup nextcloud hosts
hosts: nextcloud_hosts
become: true
@ -65,13 +66,6 @@
vars:
domains: "{{wordpress_domains}}"
http_port: 8003
- name: setup redirect hosts
hosts: redirect_hosts
become: true
roles:
- role: native-https-redirect
vars:
domain_mappings: "{{redirect_domain_mappings}}"
- name: setup mediawiki hosts
hosts: mediawiki_hosts
become: true
@ -125,3 +119,15 @@
vars:
domain: akaunting.{{top_domain}}
http_port: 8080
# Backup Roles
- name: setup replica backup hosts
hosts: replica_backup_hosts
become: true
roles:
- role: native-pull-primary-backups
- name: setup backups cleanup
hosts: backups_cleanup
become: true
roles:
- role: native-backups-cleanup

@ -1,6 +1,8 @@
- name: create sshd_config
copy:
src: sshd_config
template:
src: "sshd_config.j2"
dest: /etc/ssh/sshd_config
backup: yes
owner: root
group: root
mode: '0644'
notify: sshd restart
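Review bot: The rendered `/etc/ssh/sshd_config` is installed and the `sshd restart` handler notified without any syntax check, so a rendering mistake in `sshd_config.j2` only surfaces when sshd fails to come back up, which on a remote host can mean losing SSH access. Adding `validate: /usr/sbin/sshd -t -f %s` to the `template:` task makes Ansible test the rendered file before it replaces the live one (adjust the binary path if it differs on the managed distributions). As a style point, `backup: yes` is better written `backup: true`.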

@ -108,7 +108,11 @@ PrintMotd no # pam does that
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
{% if ansible_os_family == "Archlinux" %}
Subsystem sftp /usr/lib/ssh/sftp-server
{% else%}
Subsystem sftp /usr/lib/openssh/sftp-server
{% endif %}
# Example of overriding settings on a per-user basis
#Match User anoncvs
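Review bot: The `{% else%}` branch assumes every host that is not Archlinux ships the SFTP server at `/usr/lib/openssh/sftp-server`, which is the Debian-family location. Other families (for example RedHat, which uses `/usr/libexec/openssh/sftp-server`) would get a `Subsystem` line pointing at a missing binary, and SFTP would fail at session time rather than at deploy time. If nothing depends on the external binary, `Subsystem sftp internal-sftp` removes the path dependency and the conditional; otherwise make the second branch an explicit `{% elif ansible_os_family == "Debian" %}`. The tag is also missing a space and should read `{% else %}`.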

@ -1 +1,3 @@
command="/home/backup/ssh-wrapper.sh" {{authorized_keys}}
{% for authorized_key in authorized_keys_list %}
command="/home/backup/ssh-wrapper.sh" {{authorized_key}}
{% endfor %}
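Review bot: Each generated entry carries only `command="/home/backup/ssh-wrapper.sh"`, so a backup key is pinned to the wrapper but still gets port, agent and X11 forwarding and a PTY, which sshd grants unless the key options say otherwise. Prefixing the options with `restrict`, as in `restrict,command="/home/backup/ssh-wrapper.sh" {{ authorized_key }}`, turns those off on OpenSSH 7.2 and later. On older servers the equivalent is `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty`. Whether the wrapper needs a PTY cannot be seen from this page, so confirm that before applying it.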

@ -1,2 +1,2 @@
authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
authorized_keys: "{{ lookup('file', authorized_keys_path) }}"
authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"
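Review bot: `splitlines()` returns every line of the source file, including blank lines and `#` comments, and each of them is then treated as a key by whatever iterates `authorized_keys_list`. A source line that already carries its own key options would also become malformed once another option string is put in front of it, and sshd skips lines it cannot parse, so that key would silently stop working. Dropping empty entries with `lookup('file', authorized_keys_path).splitlines() | select | list` covers the blank-line case. A comment stating that the file must hold bare keys only (no options, no comment lines) would make the contract explicit.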