infra-ansible

ansible script to ship alpine/ssh/wireguard

git clone https://9o.is/git/infra-ansible.git

commit df4ddef72fcfac9eab353b0035ce258f2ff75f0c
parent 8271ad27ea60c4b7a9f3231f67cdc05a92e6803e
Author: Jul <jul@9o.is>
Date:   Wed, 15 May 2024 00:03:35 +0800

set openssh port to default 22

Diffstat:
Mhost/group_vars/all | 1-
Dhost/roles/openssh/tasks/local_ssh_config.yml | 29-----------------------------
Mhost/roles/openssh/tasks/main.yml | 3---
Mhost/roles/openssh/templates/sshd_config.j2 | 1-
Mhost/roles/wireguard/templates/nftables.conf.j2 | 2+-
5 files changed, 1 insertion(+), 35 deletions(-)

diff --git a/host/group_vars/all b/host/group_vars/all
@@ -1,4 +1,3 @@
-openssh_port: 57123
 wireguard_port: 62620
 k0s_version: v1.30.0+k0s.0
diff --git a/host/roles/openssh/tasks/local_ssh_config.yml b/host/roles/openssh/tasks/local_ssh_config.yml
@@ -1,29 +0,0 @@
----
-- name: Get hostname
-  shell: cat /etc/hostname
-  register: hostname
-
-- name: Create ssh config locally
-  delegate_to: localhost
-  become: false
-  file:
-    path: ~user/.ssh/config
-    owner: user
-    group: user
-    mode: '0644'
-    state: touch
-
-- name: Configure ssh locally
-  delegate_to: localhost
-  delegate_facts: true
-  become: false
-  blockinfile:
-    path: ~user/.ssh/config
-    marker: "### {mark} ansible managed {{ hostname.stdout }}"
-    append_newline: true
-    prepend_newline: true
-    block: |
-      Host {{ hostname.stdout }}
-      HostName {{ hostname.stdout }}
-      User user
-      Port {{ openssh_port }}
diff --git a/host/roles/openssh/tasks/main.yml b/host/roles/openssh/tasks/main.yml
@@ -48,6 +48,3 @@
     validate: sshd -t -f %s
   notify: restart sshd
-- name: Configure ssh locally
-  include_tasks: local_ssh_config.yml
-
diff --git a/host/roles/openssh/templates/sshd_config.j2 b/host/roles/openssh/templates/sshd_config.j2
@@ -1,4 +1,3 @@
-Port {{ openssh_port }}
 AllowUsers user
 # Supported HostKey algorithms by order of preference.
diff --git a/host/roles/wireguard/templates/nftables.conf.j2 b/host/roles/wireguard/templates/nftables.conf.j2
@@ -28,7 +28,7 @@ table ip filter {
     }
     chain wireguard-wg0 {
-        tcp dport {{ openssh_port }} accept
+        tcp dport ssh accept
     }
 }
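Review bot: `tcp dport ssh accept` in chain wireguard-wg0 makes the firewall depend on what the service name `ssh` resolves to when the ruleset is loaded (presumably via /etc/services), while the port sshd actually listens on is now fixed separately by OpenSSH's built-in default, since sshd_config.j2 no longer emits a `Port` line; the two agree on 22 only by convention, and a future `Port` directive in the template would silently reopen the mismatch that the old shared `openssh_port` variable prevented. A comment on the new line would make that coupling visible, e.g. `# sshd listens on the OpenSSH default (22); keep in sync with roles/openssh/templates/sshd_config.j2`. Note that the `validate: sshd -t -f %s` step in main.yml only checks sshd's own syntax and would not catch a firewall/sshd port disagreement. The enclosing `table ip filter {` block starts outside the hunk.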