author | Lars Wirzenius <liw@liw.fi> | 2022-09-01 18:04:38 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-09-01 18:04:38 +0300 |
commit | 1f92937db83f5364fca213868345fbb3f77f3ae7 (patch) | |
tree | 19ec20ecec74c13002b069d85c723dbd7ec21b42 | |
parent | 37710d4402107acac363fbed4a00329aa5eb6c7b (diff) | |
download | ansibleness-1f92937db83f5364fca213868345fbb3f77f3ae7.tar.gz |
VMs on stamina: disable authorized_keys files
Sponsored-by: author
-rw-r--r-- | ansible/apt-dev.yml | 5 | ||||
-rw-r--r-- | ansible/billion.yml | 5 | ||||
-rw-r--r-- | ansible/clab-dev.yml | 5 | ||||
-rw-r--r-- | ansible/debian-ansible-dev.yml | 5 | ||||
-rw-r--r-- | ansible/ewww-dev.yml | 5 | ||||
-rw-r--r-- | ansible/ewww-test.yml | 5 | ||||
-rw-r--r-- | ansible/jt-dev.yml | 5 | ||||
-rw-r--r-- | ansible/obnam-bench.yml | 5 | ||||
-rw-r--r-- | ansible/obnam-dev.yml | 2 | ||||
-rw-r--r-- | ansible/openpgp-ca-dev.yml | 5 | ||||
-rw-r--r-- | ansible/openpgp-card-dev.yml | 5 | ||||
-rw-r--r-- | ansible/python-mess.yml | 8 | ||||
-rw-r--r-- | ansible/rikiwiki-dev.yml | 5 | ||||
-rw-r--r-- | ansible/roadmap-dev.yml | 5 | ||||
-rw-r--r-- | ansible/rust-dev.yml | 5 | ||||
-rw-r--r-- | ansible/sequoia-dev.yml | 5 | ||||
-rw-r--r-- | ansible/sequoia-web.yml | 5 | ||||
-rw-r--r-- | ansible/ssh-dev.yml | 5 | ||||
-rw-r--r-- | ansible/sshca-dev.yml | 5 | ||||
-rwxr-xr-x | ansible/stamina-vm-check.sh | 35 | ||||
-rw-r--r-- | ansible/subplot-dev.yml | 5 | ||||
-rw-r--r-- | ansible/v-i-dev.yml | 5 | ||||
-rw-r--r-- | ansible/vmadm-dev.yml | 5 | ||||
-rw-r--r-- | ansible/vmdb2-dev.yml | 5 | ||||
-rw-r--r-- | ansible/web.yml | 4 |
25 files changed, 148 insertions, 6 deletions
diff --git a/ansible/apt-dev.yml b/ansible/apt-dev.yml
index 763528f..54c3d99 100644
--- a/ansible/apt-dev.yml
+++ b/ansible/apt-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -71,3 +73,6 @@ {{ liw_personal_ssh_pub }} - username: debian sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/billion.yml b/ansible/billion.yml
index 1357964..841ad45 100644
--- a/ansible/billion.yml
+++ b/ansible/billion.yml
@@ -3,6 +3,8 @@ become: yes roles: - sane_debian_system + - role: sshd + tags: [sshd] - comfortable-debian-system - unix_users - self-updating-system
@@ -20,3 +22,6 @@ - username: liw comment: Lars Wirzenius sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/clab-dev.yml b/ansible/clab-dev.yml
index 7817e21..5d386e3 100644
--- a/ansible/clab-dev.yml
+++ b/ansible/clab-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -46,3 +48,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/debian-ansible-dev.yml b/ansible/debian-ansible-dev.yml
index a4969f8..b8f2300 100644
--- a/ansible/debian-ansible-dev.yml
+++ b/ansible/debian-ansible-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -61,3 +63,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
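Review bot: The commit title says authorized_keys files are being disabled, but the second hunk of ansible/apt-dev.yml adds `sshd_allow_authorized_keys: yes`, and ansible/obnam-dev.yml flips the one existing `no` to `yes`. Unless the sshd role (not visible in this diff) inverts the variable's meaning, every VM touched here will accept per-user authorized_keys files, so long-lived keys keep working alongside any certificate-based login. If disabling is the intent the line should read `sshd_allow_authorized_keys: false`; if enabling is the intent the title should say so. The same line is added in the last hunk of every other playbook in this commit. The vars mapping it joins starts above the hunk.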
diff --git a/ansible/ewww-dev.yml b/ansible/ewww-dev.yml
index f08a6a5..5a24d37 100644
--- a/ansible/ewww-dev.yml
+++ b/ansible/ewww-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -50,3 +52,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/ewww-test.yml b/ansible/ewww-test.yml
index 9b826ac..67b2123 100644
--- a/ansible/ewww-test.yml
+++ b/ansible/ewww-test.yml
@@ -3,6 +3,8 @@ become: yes roles: - role: sane_debian_system + - role: sshd + tags: [sshd] - role: unix_users - role: self-updating-system tasks:
@@ -111,3 +113,6 @@ unix_users: - username: _ewww comment: Static web site content + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/jt-dev.yml b/ansible/jt-dev.yml
index f355ac1..ccb405b 100644
--- a/ansible/jt-dev.yml
+++ b/ansible/jt-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -43,3 +45,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/obnam-bench.yml b/ansible/obnam-bench.yml
index 0d7f948..7b5c393 100644
--- a/ansible/obnam-bench.yml
+++ b/ansible/obnam-bench.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: unix_users tags: [users] - role: rust-rustup
@@ -44,3 +46,6 @@ unix_users: - username: liw comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/obnam-dev.yml b/ansible/obnam-dev.yml
index 2a9c06e..332d3cb 100644
--- a/ansible/obnam-dev.yml
+++ b/ansible/obnam-dev.yml
@@ -67,4 +67,4 @@ flamegraph sshd_version: 1 - sshd_allow_authorized_keys: no + sshd_allow_authorized_keys: yes
diff --git a/ansible/openpgp-ca-dev.yml b/ansible/openpgp-ca-dev.yml
index 32f7bc8..52afa6c 100644
--- a/ansible/openpgp-ca-dev.yml
+++ b/ansible/openpgp-ca-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: version-controller tags: [vcs] - role: unix_users
@@ -41,3 +43,6 @@ unix_users: - username: liw comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/openpgp-card-dev.yml b/ansible/openpgp-card-dev.yml
index b82d2b6..64d9904 100644
--- a/ansible/openpgp-card-dev.yml
+++ b/ansible/openpgp-card-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: version-controller tags: [vcs] - role: unix_users
@@ -36,3 +38,6 @@ unix_users: - username: liw comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/python-mess.yml b/ansible/python-mess.yml
index 9c3abb4..3cbdc91 100644
--- a/ansible/python-mess.yml
+++ b/ansible/python-mess.yml
@@ -4,8 +4,8 @@ roles: - role: sane_debian_system tags: [sane] - # - role: sshd - # tags: [sshd] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -38,6 +38,4 @@ sudo: yes sshd_version: 1 - sshd_host_key: "{{ lookup('pipe', 'sshca host private-key python-mess') }}" - sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 python-mess') }}" - sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}" + sshd_allow_authorized_keys: yes
diff --git a/ansible/rikiwiki-dev.yml b/ansible/rikiwiki-dev.yml
index 31d5cfc..79c7139 100644
--- a/ansible/rikiwiki-dev.yml
+++ b/ansible/rikiwiki-dev.yml
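Review bot: In ansible/python-mess.yml the second hunk removes `sshd_host_key`, `sshd_host_cert` and `sshd_user_ca_pub` in the same change that turns the sshd role on and sets `sshd_allow_authorized_keys: yes`. If those values are not supplied elsewhere (inventory and role defaults are not visible here), this host presumably loses its CA-signed host certificate and its trust in the user CA, which would leave authorized_keys as the only login path. Either keep the three lookups, or add a comment above the new line saying why this VM opts out, e.g. `# python-mess: no host cert or user CA here; login via authorized_keys only`. The vars block starts above the hunk.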
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -58,3 +60,6 @@ rustup_cargo_install: | flamegraph + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/roadmap-dev.yml b/ansible/roadmap-dev.yml
index f2e5b02..ac98d3a 100644
--- a/ansible/roadmap-dev.yml
+++ b/ansible/roadmap-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -39,3 +41,6 @@ - username: liw comment: Lars Wirzenius sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/rust-dev.yml b/ansible/rust-dev.yml
index 7ea3993..23d9ba5 100644
--- a/ansible/rust-dev.yml
+++ b/ansible/rust-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -35,3 +37,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/sequoia-dev.yml b/ansible/sequoia-dev.yml
index ea38646..6f1af3d 100644
--- a/ansible/sequoia-dev.yml
+++ b/ansible/sequoia-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: unix_users tags: [users] - role: rust-rustup
@@ -54,3 +56,6 @@ unix_users: - username: liw comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/sequoia-web.yml b/ansible/sequoia-web.yml
index eb730e0..b769c9e 100644
--- a/ansible/sequoia-web.yml
+++ b/ansible/sequoia-web.yml
@@ -3,6 +3,8 @@ become: yes roles: - role: sane_debian_system + - role: sshd + tags: [sshd] - role: unix_users - role: comfortable-debian-system - role: liw
@@ -106,3 +108,6 @@ comment: Lars Wirzenius - username: _ewww comment: Static web site content + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/ssh-dev.yml b/ansible/ssh-dev.yml
index 09d67ff..3b05e70 100644
--- a/ansible/ssh-dev.yml
+++ b/ansible/ssh-dev.yml
@@ -3,6 +3,8 @@ become: yes roles: - role: sane_debian_system + - role: sshd + tags: [sshd] - role: unix_users vars: ansible_python_interpreter: /usr/bin/python3
@@ -15,3 +17,6 @@ unix_users_version: 2 unix_users: - username: liw + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/sshca-dev.yml b/ansible/sshca-dev.yml
index c6843b0..dd5097a 100644
--- a/ansible/sshca-dev.yml
+++ b/ansible/sshca-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -47,3 +49,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/stamina-vm-check.sh b/ansible/stamina-vm-check.sh
new file mode 100755
index 0000000..0934ad4
--- /dev/null
+++ b/ansible/stamina-vm-check.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -eu
+
+playbooks="
+apt-dev
+billion
+clab-dev
+debian-ansible-dev
+ewww-dev
+ick2-dev
+icktool
+jt-dev
+obnam-bench
+obnam-dev
+openpgp-ca-dev
+openpgp-card-dev
+python-mess
+rikiwiki-dev
+roadmap-dev
+rust-dev
+sequoia-dev
+sequoia-web
+ssh-dev
+sshca-dev
+subplot-dev
+v-i-dev
+vmadm-dev
+vmdb2-dev
+"
+
+for x in $playbooks; do
+ echo "$x"
+ ssh "$x" hostname
+done
diff --git a/ansible/subplot-dev.yml b/ansible/subplot-dev.yml
index 643429f..71741e7 100644
--- a/ansible/subplot-dev.yml
+++ b/ansible/subplot-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
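Review bot: In ansible/stamina-vm-check.sh, `set -eu` makes the loop stop at the first VM where `ssh "$x" hostname` fails, so after an sshd change every host later in the list goes unchecked. The ssh call also has no `-o BatchMode=yes`, so a host that rejects the key may fall back to an interactive password or host-key prompt instead of failing the check. The list names ick2-dev and icktool, which have no playbook in this commit's diffstat, and leaves out web, whose playbook is changed; worth confirming that is intended. A successful `hostname` only shows that some login method works, not which one, so the script does not by itself confirm the authorized_keys setting. A loop that records failures and keeps going is sketched below.

```shell
# … unchanged: set -eu and the playbooks list …
failed=0
for x in $playbooks; do
    echo "$x"
    # BatchMode: fail instead of prompting for a password or host key.
    if ! ssh -o BatchMode=yes "$x" hostname; then
        echo "FAILED: $x" >&2
        failed=1
    fi
done
exit "$failed"
```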
@@ -49,3 +51,6 @@ unix_users: - username: liw comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/v-i-dev.yml b/ansible/v-i-dev.yml
index 615f896..6c9e948 100644
--- a/ansible/v-i-dev.yml
+++ b/ansible/v-i-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -47,3 +49,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/vmadm-dev.yml b/ansible/vmadm-dev.yml
index cdfd428..2f5aaa5 100644
--- a/ansible/vmadm-dev.yml
+++ b/ansible/vmadm-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -63,3 +65,6 @@ - username: liw comment: Lars Wirzenius sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/vmdb2-dev.yml b/ansible/vmdb2-dev.yml
index e54f717..ef2cca6 100644
--- a/ansible/vmdb2-dev.yml
+++ b/ansible/vmdb2-dev.yml
@@ -4,6 +4,8 @@ roles: - role: sane_debian_system tags: [sane] + - role: sshd + tags: [sshd] - role: comfortable-debian-system tags: [comfy] - role: unix_users
@@ -63,3 +65,6 @@ sane_debian_system_sources_lists: - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes
diff --git a/ansible/web.yml b/ansible/web.yml
index ad17168..26f0602 100644
--- a/ansible/web.yml
+++ b/ansible/web.yml
@@ -3,6 +3,8 @@ become: yes roles: - role: sane_debian_system + - role: sshd + tags: [sshd] - role: unix_users - role: self-updating-system tasks:
@@ -108,3 +110,5 @@ - username: _ewww comment: Static web site content + sshd_version: 1 + sshd_allow_authorized_keys: yes |