diff options
Diffstat (limited to 'ansible/atuin.liw.fi.yml')
| -rw-r--r-- | ansible/atuin.liw.fi.yml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ansible/atuin.liw.fi.yml b/ansible/atuin.liw.fi.yml index cf0a223..46c78e8 100644 --- a/ansible/atuin.liw.fi.yml +++ b/ansible/atuin.liw.fi.yml @@ -2,6 +2,7 @@ remote_user: root roles: - hetzner-network-bridge + - sshd - role: ferm-firewalled tags: [ferm] - sane_debian_system @@ -76,6 +77,10 @@ ferm_iface_ext: "{{ bridge_nic }}" + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key atuin.liw.fi') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 atuin.liw.fi') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" - hosts: nalanda remote_user: root @@ -95,6 +100,7 @@ group: root mode: 0644 roles: + - sshd - role: ferm-firewalled tags: [ferm] - sane_debian_system @@ -201,6 +207,10 @@ smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" relayhost: pieni.net:587 + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key nalanda.liw.fi') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 nalanda.liw.fi') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" # - hosts: gregvm # remote_user: root |