feat: add SSH login information and dotfiles status check to hello.py; include OpenSSH server tasks in Ansible configuration
Some checks failed
Nix Format Check / check-format (push) Failing after 39s

2025-03-10 19:05:18 +01:00
parent 6c095843ba
commit 7315809914
6 changed files with 181 additions and 14 deletions


@@ -22,6 +22,10 @@
ansible.builtin.import_tasks: tasks/global/ollama.yml
become: true
- name: Include OpenSSH Server tasks
ansible.builtin.import_tasks: tasks/global/openssh-server.yml
become: true
- name: Ensure common packages are installed
ansible.builtin.package:
name:
@@ -31,9 +35,11 @@
- trash-cli
- curl
- wget
# Python is used for the dotfiles CLI tools
- python3
- python3-pip
- python3-venv
- lastlog2 # Used for displaying last login information
state: present
become: true
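Review bot: `lastlog2` is added to the shared package list, so a host whose distribution release has no package by that name would fail the whole "Ensure common packages are installed" task, unrelated packages included. As far as I know, lastlog2 became a separate package only with recent util-linux releases, so check it against every managed release; the inventory is not visible here. If older hosts exist, move it into its own task with a condition, for example `when: ansible_facts['distribution_release'] in lastlog2_releases`, where `lastlog2_releases` is a placeholder for a variable you define. The package task starts above this hunk.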


@@ -0,0 +1,22 @@
---
- name: Ensure openssh-server is installed
ansible.builtin.package:
name: openssh-server
state: present
- name: Ensure SSH server configuration is proper
ansible.builtin.template:
src: templates/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: '0644'
validate: '/usr/sbin/sshd -t -f %s'
notify: Restart SSH service
register: ssh_config
- name: Ensure SSH service is enabled and running
ansible.builtin.service:
name: ssh
state: started
enabled: true
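Review bot: The hardened sshd_config only takes effect once the `Restart SSH service` handler runs, and no handler with that name is defined in this new file or in the other sections visible here. If the play defines none, Ansible will fail on the `notify`; if it does, the previous configuration stays live until handlers run at the end of the play, because the `state: started` task does not restart a running daemon. Confirm the handler exists in the play's `handlers:` and consider adding `- ansible.builtin.meta: flush_handlers` right after the template task. `register: ssh_config` is never read in this file and can be dropped. The unit name `ssh` is the Debian/Ubuntu name, so use a variable if other distribution families are targeted.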


@@ -1,4 +1,3 @@
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -11,6 +10,15 @@
Include /etc/ssh/sshd_config.d/*.conf
# When systemd socket activation is used (the default), the socket
# configuration must be re-generated after changing Port, AddressFamily, or
# ListenAddress.
#
# For changes to take effect, run:
#
# systemctl daemon-reload
# systemctl restart ssh.socket
#
Port 400
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -25,12 +33,12 @@ Port 400
# Logging
#SyslogFacility AUTH
#LogLevel INFO
LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin prohibit-password
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
@@ -54,8 +62,8 @@ PubkeyAuthentication yes
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
@@ -84,8 +92,8 @@ KbdInteractiveAuthentication no
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
AllowAgentForwarding yes
AllowTcpForwarding yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
@@ -96,8 +104,8 @@ PrintMotd no
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
ClientAliveInterval 300
ClientAliveCountMax 2
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
@@ -116,7 +124,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
X11Forwarding yes
AllowTcpForwarding yes
# PermitTTY no
# ForceCommand cvs server
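Review bot: Commenting out `AllowAgentForwarding yes` and `AllowTcpForwarding yes` does not disable either feature, because sshd falls back to its built-in default of `yes` for both. The last hunk also appears to replace the commented Match example lines with live `X11Forwarding yes` / `AllowTcpForwarding yes`, which apply globally since `#Match User anoncvs` is still a comment. If the intent is to restrict forwarding, say so explicitly with `AllowAgentForwarding no`, `AllowTcpForwarding no` and `X11Forwarding no`, and leave the example block commented. Separately, `Include /etc/ssh/sshd_config.d/*.conf` is read before these settings and sshd keeps the first value it obtains for each keyword, so a drop-in that sets `PasswordAuthentication yes` would override the new `PasswordAuthentication no`; running `sshd -T` on a deployed host shows the effective values. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk counts and print order.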


@@ -39,11 +39,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
"lastModified": 1741513245,
"narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
"rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
"type": "github"
},
"original": {