myLimbo/casa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat ansible ssh configuration

Browse Source
This commit is contained in:
Márcio Fernandes
2024-08-31 21:21:26 +01:00
parent 44ebbbf28a
commit b3d9bdfbe3
9 changed files with 96 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@@ -13,9 +13,12 @@ The server itself is on its own vlan (Vlan: homesrv) but requires communication
Using [code-server docker container](#code-server) for Development / Maintenance. Using [code-server docker container](#code-server) for Development / Maintenance.
<!-- omit in toc --> <!-- omit in toc -->
## Table of Contents ## Table of Contents
- [Table of Contents](#table-of-contents)
- [Services](#services) - [Services](#services)
- [SSH](#ssh)
- [Docker](#docker) - [Docker](#docker)
- [Volumes](#volumes) - [Volumes](#volumes)
- [Portainer](#portainer) - [Portainer](#portainer)
@@ -36,16 +39,19 @@ Using [code-server docker container](#code-server) for Development / Maintenance
- [Packages and Requirements](#packages-and-requirements) - [Packages and Requirements](#packages-and-requirements)
- [Users \& Groups](#users--groups) - [Users \& Groups](#users--groups)
- [fstab](#fstab) - [fstab](#fstab)
- [ssh](#ssh)
- [Update](#update) - [Update](#update)
## Services ## Services
### SSH
Deployed and maintained by ansible role [myInfra.dev.homesrv1](./ansible/roles/myInfra.dev.homesrv01/README.md).
### Docker ### Docker
### Volumes ### Volumes
``` bash ```bash
# requires mount /mnt/media@sshfs:nas.lan # requires mount /mnt/media@sshfs:nas.lan
# required by LMS service # required by LMS service
docker volume create --driver local --opt type=none --opt device=/mnt/media@sshfs:nas.lan/music --opt o=bind music docker volume create --driver local --opt type=none --opt device=/mnt/media@sshfs:nas.lan/music --opt o=bind music
@@ -185,7 +191,7 @@ SONOFF Universal Zigbee 3.0 USB Dongle Plus attached on [proxmox host](#host).
Patch security on [proxmox host](#host). Patch security on [proxmox host](#host).
(usb passthrough to [lxc container](#proxmox---lxc-container)) (usb passthrough to [lxc container](#proxmox---lxc-container))
``` yaml ```yaml
#on proxmox hosting server #on proxmox hosting server
chown 100000:100020 /dev/ttyUSB0 chown 100000:100020 /dev/ttyUSB0
chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0
@@ -193,7 +199,7 @@ chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plu
#### Docker devices #### Docker devices
``` yaml ```yaml
.... ....
devices: devices:
# Make sure this matched your adapter location # Make sure this matched your adapter location
@@ -311,17 +317,6 @@ usermod -aG docker admin
sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0 sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0
``` ```
### ssh
```bash
#/etc/ssh/sshd_config
PermitRootLogin no
```
```bash
systemctl restart ssh
```
### Update ### Update
```bash ```bash

27
ansible/roles/myInfra.dev.homesrv01/.gitignore vendored Normal file
View File

@@ -0,0 +1,27 @@
# Ansible Tower ignore list
# Ansible runtime and backups
*.original
*.tmp
*.bkp
*.retry
*.*~
# Tower runtime roles
roles/**
!roles/myInfra.dev.homesrv01
!roles/requirements.yml
# Try tyo avoid any plain-text passwords
*pwd*
*pass*
*password*
*.txt
# Exclude all binaries
*.bin
*.jar
*.tar
*.zip
*.gzip
*.tgz

6
ansible/roles/myInfra.dev.homesrv01/handlers/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- import_tasks: services.ssh.yml

8
ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: SSH - Restart Service
become: true
ansible.builtin.service:
daemon_reload: true
name: ssh
enabled: true
state: restarted

11
ansible/roles/myInfra.dev.homesrv01/meta/main.yml
View File

@@ -50,10 +50,11 @@ galaxy_info:
# NOTE: A tag is limited to a single word comprised of alphanumeric characters. # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role. # Maximum 20 tags per role.
dependencies: # dependencies:
- role: myInfra.journald # - role: myInfra.journald
- role: myInfra.docker.portainer # - role: myInfra.docker.portainer
- role: myInfra.docker.promtail # - role: myInfra.docker.promtail
- role: myInfra.docker.telegraf # - role: myInfra.docker.telegraf
# - role: myInfra.dev.homesrv01.core
# List your role dependencies here, one per line. Be sure to remove the '[]' above, # List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list. # if you add dependencies to this list.

6
ansible/roles/myInfra.dev.homesrv01/tasks/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- import_tasks: services.ssh.yml

26
ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml Normal file
View File

@@ -0,0 +1,26 @@
---
- name: SSH - Install/Update Latest
become: true
ansible.builtin.package:
name:
- openssh-server
state: latest
notify:
- SSH - Restart Service
- name: SSH - Setup & Config
copy:
dest: /etc/ssh/sshd_config.d/10-myLimbo.conf
content: |
###################################################################
# maintained by myInfra.dev.homesrv01 ansible role
# https://git.limbosolutions.com/marcio.fernandes/homesrv01.dev.lan
####################################################################
PermitRootLogin no
PasswordAuthentication no
notify:
- SSH - Restart Service

2
ansible/run-site.local.sh Executable file
View File

@@ -0,0 +1,2 @@
#/bin/bash
ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 site.yml

4
ansible/site.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: homesrv01 playbook
hosts: all
roles:
- myInfra.dev.homesrv01