feat ansible ssh configuration

README.md

@@ -13,9 +13,12 @@ The server itself is on its own vlan (Vlan: homesrv) but requires communication
 Using [code-server docker container](#code-server) for Development / Maintenance.
 
 <!-- omit in toc -->
+
 ## Table of Contents
 
+- [Table of Contents](#table-of-contents)
 - [Services](#services)
+  - [SSH](#ssh)
   - [Docker](#docker)
   - [Volumes](#volumes)
   - [Portainer](#portainer)
@@ -36,11 +39,14 @@ Using [code-server docker container](#code-server) for Development / Maintenance
   - [Packages and Requirements](#packages-and-requirements)
   - [Users \& Groups](#users--groups)
   - [fstab](#fstab)
-  - [ssh](#ssh)
   - [Update](#update)
 
 ## Services
 
+### SSH
+
+Deployed and maintained by ansible role [myInfra.dev.homesrv1](./ansible/roles/myInfra.dev.homesrv01/README.md).
+
 ### Docker
 
 ### Volumes
@@ -311,17 +317,6 @@ usermod -aG docker admin
 sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0
 ```
 
-### ssh
-
-```bash
-#/etc/ssh/sshd_config
-PermitRootLogin no
-```
-
-```bash
-systemctl restart ssh
-```
-
 ### Update
 
 ```bash

ansible/roles/myInfra.dev.homesrv01/.gitignore

@@ -0,0 +1,27 @@
+# Ansible Tower ignore list
+
+# Ansible runtime and backups
+*.original
+*.tmp
+*.bkp
+*.retry
+*.*~
+
+# Tower runtime roles 
+roles/**
+!roles/myInfra.dev.homesrv01
+!roles/requirements.yml
+
+# Try tyo avoid any plain-text passwords 
+*pwd*
+*pass*
+*password*
+*.txt
+
+# Exclude all binaries
+*.bin
+*.jar
+*.tar
+*.zip
+*.gzip
+*.tgz

ansible/roles/myInfra.dev.homesrv01/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- import_tasks: services.ssh.yml
+
+
+
+

ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml

@@ -0,0 +1,8 @@
+---
+- name: SSH - Restart Service
+  become: true
+  ansible.builtin.service:
+    daemon_reload: true
+    name: ssh
+    enabled: true
+    state: restarted

ansible/roles/myInfra.dev.homesrv01/meta/main.yml

@@ -50,10 +50,11 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-dependencies:
+# dependencies:
-  - role: myInfra.journald
+#  - role: myInfra.journald
-  - role: myInfra.docker.portainer
+#  - role: myInfra.docker.portainer
-  - role: myInfra.docker.promtail
+#  - role: myInfra.docker.promtail
-  - role: myInfra.docker.telegraf
+#  - role: myInfra.docker.telegraf
+#  - role: myInfra.dev.homesrv01.core
   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
   # if you add dependencies to this list.

ansible/roles/myInfra.dev.homesrv01/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- import_tasks: services.ssh.yml
+
+
+
+

ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml

@@ -0,0 +1,26 @@
+---
+- name: SSH - Install/Update Latest
+  become: true
+  ansible.builtin.package:
+    name:
+      - openssh-server
+    state: latest
+  notify:
+    - SSH - Restart Service
+
+- name: SSH - Setup & Config
+  copy:
+    dest: /etc/ssh/sshd_config.d/10-myLimbo.conf
+    content: |
+      ###################################################################
+  
+      # maintained by myInfra.dev.homesrv01 ansible role
+      # https://git.limbosolutions.com/marcio.fernandes/homesrv01.dev.lan
+  
+      ####################################################################
+      
+      PermitRootLogin no
+      PasswordAuthentication no
+  
+  notify:
+    - SSH - Restart Service

ansible/run-site.local.sh

@@ -0,0 +1,2 @@
+#/bin/bash
+ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 site.yml

ansible/site.yml

@@ -0,0 +1,4 @@
+- name: homesrv01 playbook
+  hosts: all
+  roles:
+    - myInfra.dev.homesrv01