kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized .mds and meta/main.yml for postfix,python-pip,restart-docker & sshd

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-03-14 13:33:28 +01:00
parent efa139705a
commit 26abfd441a
8 changed files with 185 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
roles/sshd/README.md
View File

@@ -1,11 +1,26 @@
# role sshd
## dependencies
This role depends on that a well configured user administrator exist.
For this reason this role depends on the role user-administrator.
A wrong configuration of this role can lead to an lockout of the system which just will be reversal via chroot.
# SSHD
## PAM
## Description
This role configures the SSH daemon ([sshd](https://man7.org/linux/man-pages/man5/sshd_config.5.html)) on the target system by deploying a templated configuration file. It ensures that secure and proper SSH settings are applied, reducing the risk of misconfiguration and potential lockout.
## Overview
Optimized for secure remote access, this role:
- Generates an SSH daemon configuration file from a Jinja2 template.
- Sets appropriate ownership and permissions on the configuration file.
- Notifies systemd to restart the SSH daemon when changes are made.
## Purpose
The primary purpose of this role is to establish a secure SSH environment by deploying a well-configured sshd_config file. This helps prevent unauthorized access and potential system lockouts, while ensuring that the SSH service runs smoothly.
## Features
- **SSH Configuration Deployment:** Creates an sshd_config file with best-practice settings.
- **Systemd Integration:** Automatically restarts the SSH service upon configuration changes.
- **Security Enhancements:** Enforces secure defaults such as disabled root login and public key authentication.
## Further Information
- https://www.google.com/search?client=firefox-b-d&q=sshd+why+to+deactivate+pam
# see
- https://man7.org/linux/man-pages/man5/sshd_config.5.html

25
roles/sshd/meta/main.yml
View File

@@ -1,2 +1,25 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Configures a secure SSH daemon environment by deploying a templated sshd_config file and restarting the SSH service as needed."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Linux
versions:
- all
galaxy_tags:
- sshd
- ssh
- security
- configuration
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies:
- user-administrator
- user-administrator