feat: add SSH login information and dotfiles status check to hello.py; include OpenSSH server tasks in Ansible configuration
Some checks failed
Nix Format Check / check-format (push) Failing after 39s
@@ -22,6 +22,10 @@
|
||||
ansible.builtin.import_tasks: tasks/global/ollama.yml
|
||||
become: true
|
||||
|
||||
- name: Include OpenSSH Server tasks
|
||||
ansible.builtin.import_tasks: tasks/global/openssh-server.yml
|
||||
become: true
|
||||
|
||||
- name: Ensure common packages are installed
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
@@ -31,9 +35,11 @@
|
||||
- trash-cli
|
||||
- curl
|
||||
- wget
|
||||
# Python is used for the dotfiles CLI tools
|
||||
- python3
|
||||
- python3-pip
|
||||
- python3-venv
|
||||
- lastlog2 # Used for displaying last login information
|
||||
state: present
|
||||
become: true
|
||||
|
||||
|
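Review bot: The new `Include OpenSSH Server tasks` entry is imported unconditionally next to the other `tasks/global` imports, so every host this play targets ends up with an enabled, listening sshd, including machines that may never need inbound SSH. Consider gating the import, for example `when: openssh_server_enabled | default(false)` (the variable name is a suggestion; nothing on this page defines it). Separately, `lastlog2` joins the shared package list in the second hunk; if any target release does not ship a package by that name, the whole `Ensure common packages are installed` task fails, so it may belong in its own task. The task list starts and continues outside both hunks.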
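--- /dev/null
+++ b/config/ansible/tasks/global/openssh-server.yml
@@ -0,0 +1,22 @@
+---
+- name: Ensure openssh-server is installed
+ansible.builtin.package:
+name: openssh-server
+state: present
+
+- name: Ensure SSH server configuration is proper
+ansible.builtin.template:
+src: templates/sshd_config.j2
+dest: /etc/ssh/sshd_config
+owner: root
+group: root
+mode: '0644'
+validate: '/usr/sbin/sshd -t -f %s'
+notify: Restart SSH service
+register: ssh_config
+
+- name: Ensure SSH service is enabled and running
+ansible.builtin.service:
+name: ssh
+state: started
+enabled: true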
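Review bot: `notify: Restart SSH service` names a handler that is not defined in this file, and because the file is pulled in with `import_tasks` the handler has to exist in the importing play; its definition is not visible on this page, so confirm it exists and check what it restarts. The deployed template sets `Port 400`, and its own comment says that under systemd socket activation a port change only takes effect after `systemctl daemon-reload` and `systemctl restart ssh.socket`, so a handler that restarts only `ssh` may leave the daemon listening on the old port on such hosts. The template also appears to switch `PasswordAuthentication` to `no`, so it is worth ensuring an authorized key is deployed for the login user before this task runs, otherwise the host can be locked out of remote access. `register: ssh_config` is not read by any task shown here and can probably be dropped.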
@@ -1,4 +1,3 @@
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
@@ -11,6 +10,15 @@
|
||||
|
||||
Include /etc/ssh/sshd_config.d/*.conf
|
||||
|
||||
# When systemd socket activation is used (the default), the socket
|
||||
# configuration must be re-generated after changing Port, AddressFamily, or
|
||||
# ListenAddress.
|
||||
#
|
||||
# For changes to take effect, run:
|
||||
#
|
||||
# systemctl daemon-reload
|
||||
# systemctl restart ssh.socket
|
||||
#
|
||||
Port 400
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
@@ -25,12 +33,12 @@ Port 400
|
||||
|
||||
# Logging
|
||||
#SyslogFacility AUTH
|
||||
#LogLevel INFO
|
||||
LogLevel INFO
|
||||
|
||||
# Authentication:
|
||||
|
||||
#LoginGraceTime 2m
|
||||
PermitRootLogin prohibit-password
|
||||
PermitRootLogin no
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
@@ -54,8 +62,8 @@ PubkeyAuthentication yes
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
PasswordAuthentication yes
|
||||
PermitEmptyPasswords no
|
||||
PasswordAuthentication no
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
@@ -84,8 +92,8 @@ KbdInteractiveAuthentication no
|
||||
# and KbdInteractiveAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
AllowAgentForwarding yes
|
||||
AllowTcpForwarding yes
|
||||
#AllowAgentForwarding yes
|
||||
#AllowTcpForwarding yes
|
||||
#GatewayPorts no
|
||||
X11Forwarding yes
|
||||
#X11DisplayOffset 10
|
||||
@@ -96,8 +104,8 @@ PrintMotd no
|
||||
#TCPKeepAlive yes
|
||||
#PermitUserEnvironment no
|
||||
#Compression delayed
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
ClientAliveInterval 300
|
||||
ClientAliveCountMax 2
|
||||
#UseDNS no
|
||||
#PidFile /run/sshd.pid
|
||||
#MaxStartups 10:30:100
|
||||
@@ -116,7 +124,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
||||
# X11Forwarding no
|
||||
# AllowTcpForwarding no
|
||||
X11Forwarding yes
|
||||
AllowTcpForwarding yes
|
||||
# PermitTTY no
|
||||
# ForceCommand cvs server
|
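Review bot: `Include /etc/ssh/sshd_config.d/*.conf` stays at the top of the file, and sshd keeps the first value it reads for each keyword, so a drop-in in that directory that sets `PasswordAuthentication`, `PermitRootLogin` or `Port` silently overrides the hardened values set further down. The `sshd -t` validation in the deploying task only proves the file parses, so it is worth checking the effective settings after deployment, for example `sshd -T | grep -Ei '^(passwordauthentication|permitrootlogin) '`, or managing the drop-in directory from the same task file. In the last hunk the two lines under the commented-out `#Match User anoncvs` appear to become live `X11Forwarding yes` and `AllowTcpForwarding yes`; the +/- markers are lost on this page, so that reading is inferred from print order. If that is the new side, they are global directives sitting inside an example block and would join the Match block if someone later uncomments it; keeping the example commented and setting `X11Forwarding no` where forwarding is not needed would fit a hardening change better.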
6
config/home-manager/flake.lock
generated
@@ -39,11 +39,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1741379970,
|
||||
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
|
||||
"lastModified": 1741513245,
|
||||
"narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
|
||||
"rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|