authorLars Wirzenius <liw@liw.fi>2022-08-19 11:08:00 +0300
committerLars Wirzenius <liw@liw.fi>2022-08-19 11:08:00 +0300
commitadd0f72d7206b2f64973568081650f7bb3b14141 (patch)
treef169b67735e09aeb1dc0e7b3dcacf1f7b784b82d
parent3ef587a66787bdff1d2457bb8e4d1262d9791464 (diff)
downloadansibleness-add0f72d7206b2f64973568081650f7bb3b14141.tar.gz
exolobe1-spec: set host key and cert for installation
This is quite a temporary key and cert. Sponsored-by: author
-rw-r--r--ansible/exolobe1.yml24
-rw-r--r--v-i/exolobe1-spec.yaml10
2 files changed, 17 insertions, 17 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml
index b5425d4..ddbb61b 100644
--- a/ansible/exolobe1.yml
+++ b/ansible/exolobe1.yml
@@ -3,24 +3,9 @@
become: no
roles:
- sane_debian_system
+ - sshd
- unix_users
- tasks:
- - apt:
- name:
- - libpam-yubico
- - lineinfile:
- path: /etc/pam.d/common-auth
- regex: pam_yubico.so
- line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp"
- - file:
- state: directory
- path: /etc/yubikey_chalresp
- mode: 0700
- - copy:
- content: |
- {{ lookup('pipe', 'pass libpam-yubico/liw/y5.chalresp') }}
- dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y5.serial') }}"
- mode: 0600
+ - gnome-system
vars:
ansible_python_interpreter: /usr/bin/python3
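Review bot: Removing the `pam_yubico` tasks changes how logins are authenticated on this host, yet the commit message only mentions the host key and certificate; the removal and the new `gnome-system` role deserve their own mention or a separate commit. Ansible does not undo tasks that are deleted from a playbook, so a host provisioned earlier would presumably keep the `pam_yubico.so` line in `/etc/pam.d/common-auth` and the `/etc/yubikey_chalresp` directory as unmanaged state. If the second factor is meant to go away, explicit cleanup tasks using `state: absent` would make that deterministic; if it is meant to stay, it should remain under management.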
@@ -45,5 +30,10 @@
authorized_keys: |
{{ liw_personal_ssh_pub }}
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v3 exolobe1') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"
+
rustup_cargo_install: |
starship
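Review bot: `sshd_host_key` holds the host's private key as an ordinary play variable, so it can appear in verbose or diff output unless the tasks that consume it set `no_log: true`; the `sshd` role is not visible in this hunk, so that should be confirmed there. Ansible re-evaluates a `lookup('pipe', ...)` in `vars` each time the variable is templated, which means `sshca host certify` may run more than once per play; if issuing a certificate has side effects, resolving it once in a pre-task with `set_fact` would be safer. A comment above the added lines, e.g. `# sshd_host_key is a private key fetched from sshca on the controller; do not log`, would make the sensitivity explicit.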
diff --git a/v-i/exolobe1-spec.yaml b/v-i/exolobe1-spec.yaml
index dcc4019..b063753 100644
--- a/v-i/exolobe1-spec.yaml
+++ b/v-i/exolobe1-spec.yaml
@@ -5,5 +5,15 @@ extra_lvs:
size: 300G
mounted: /home
ansible_vars:
+ host_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACDrR+77pLmmtG2oAtcaot5ZIgU7FriMoDSCejG33dsfjgAAAIietrwbnra8
+ GwAAAAtzc2gtZWQyNTUxOQAAACDrR+77pLmmtG2oAtcaot5ZIgU7FriMoDSCejG33dsfjg
+ AAAEAugoV1wqYMsAYSW1su3W3WyWh4ZIWNbvDIkphOGOS0eetH7vukuaa0bagC1xqi3lki
+ BTsWuIygNIJ6Mbfd2x+OAAAAAAECAwQF
+ -----END OPENSSH PRIVATE KEY-----
+ host_cert: |
+ ssh-ed25519-cert-v01@openssh.com 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 /tmp/.tmpximUbQ/sub.pub
user_pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
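Review bot: The added `host_key` block under `ansible_vars` commits an unencrypted OpenSSH private host key to the repository, where it stays readable in history to anyone who can clone it, even after the file is later changed. The commit message calls the key temporary, but nothing in the file says so; a comment above the key such as `# TEMPORARY install-time host key: replace on first provisioning, never trust afterwards` would record that. `ansible/exolobe1.yml` in this same commit already obtains the host key with `lookup('pipe', 'sshca host private-key exolobe1')`, so producing this value at image-build time instead of storing it would keep the secret out of version control. If it has to stay, the matching `host_cert` should presumably carry a short validity, and the key should be treated as disclosed and rotated by the first Ansible run.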