authorLars Wirzenius <liw@liw.fi>2022-09-04 10:04:27 +0300
committerLars Wirzenius <liw@liw.fi>2022-09-04 10:04:27 +0300
commit22ba6cecc6bdc370f36ea2a71077aa3f8a9e2f67 (patch)
tree94b7dae9b801adf0e3e82b5d9d693d19abcc6f89
parente830e74c4ae4bb34e1e041b8e55ddc1511407392 (diff)
downloaddebian-ansible-22ba6cecc6bdc370f36ea2a71077aa3f8a9e2f67.tar.gz
fix: drop adding hostname to /etc/hosts as an alias for 127.0.0.1
It doesn't seem to serve any useful purpose, but it bothers a Puomi router, which then serves 127.0.0.1 as its own address to its DHCP clients. Sponsored-by: author
-rw-r--r--roles/sane_debian_system/subplot.md1
-rw-r--r--roles/sane_debian_system/tasks/env.yml7
-rw-r--r--roles/sshd/tasks/main.yml24
3 files changed, 24 insertions, 8 deletions
diff --git a/roles/sane_debian_system/subplot.md b/roles/sane_debian_system/subplot.md
index 81bab9e..56cc66f 100644
--- a/roles/sane_debian_system/subplot.md
+++ b/roles/sane_debian_system/subplot.md
@@ -23,7 +23,6 @@ and the host has the locales package installed
and the host has the ntp package installed
and the host has an empty /etc/apt/sources.list.d directory
and the host has hostname saneone
-and the host has saneone in /etc/hosts for 127.0.1.1
~~~
~~~{#sane1.yml .file .yaml}
diff --git a/roles/sane_debian_system/tasks/env.yml b/roles/sane_debian_system/tasks/env.yml
index 20f93ef..0539fee 100644
--- a/roles/sane_debian_system/tasks/env.yml
+++ b/roles/sane_debian_system/tasks/env.yml
@@ -14,13 +14,6 @@
name: "{{ sane_debian_system_hostname }}"
when: sane_debian_system_hostname != ""
-- name: add hostname to /etc/hosts
- lineinfile:
- dest: /etc/hosts
- regexp: '^127\.0\.1\.1 '
- line: "127.0.1.1 {{ sane_debian_system_hostname }}"
- when: sane_debian_system_hostname is defined
-
- name: set timezone
timezone:
name: "{{ sane_debian_system_timezone }}"
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index e601969..3855e30 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -32,6 +32,30 @@
dest: /etc/ssh/sshd_config.d/host_id.conf
notify: sshd_restart
+- name: "Remove old host key settings from /etc/ssh/sshd_config"
+ when: sshd_host_key is defined and sshd_host_cert is defined
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: absent
+ regex: "(?i)hostkey"
+ notify: sshd_restart
+
+- name: "Remove old host cert settings from /etc/ssh/sshd_config"
+ when: sshd_host_key is defined and sshd_host_cert is defined
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: absent
+ regex: "(?i)hostcertificate"
+ notify: sshd_restart
+
+- name: "Remove old user CA settings from /etc/ssh/sshd_config"
+ when: sshd_host_key is defined and sshd_host_cert is defined
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: absent
+ regex: "(?i)trustedusercakeys"
+ notify: sshd_restart
+
- name: "Remove obsolete SSH host keys and certificates"
when: sshd_host_key is defined and sshd_host_cert is defined
shell: |
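Review bot: The `regex` values in the three added `lineinfile` tasks are unanchored, so `(?i)hostkey` deletes every line of /etc/ssh/sshd_config that contains that string anywhere, including `HostKeyAlgorithms` and `HostKeyAgent`, and a host's algorithm restriction would be dropped silently on the next run. Anchoring each pattern to the directive keyword keeps the removal to the intended setting: `regex: '(?i)^\s*hostkey\s'`, `regex: '(?i)^\s*hostcertificate\s'` and `regex: '(?i)^\s*trustedusercakeys\s'`. The third task removes `TrustedUserCAKeys` but is gated on `sshd_host_key` and `sshd_host_cert`, and the visible context only writes `host_id.conf`. If no drop-in outside this hunk restores the user CA setting, user-certificate logins would stop working after the restart, so that is worth confirming before this runs on existing hosts.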