mirror/ infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-06-02 09:36:03 +02:00
Code Issues

roles/aurweb: Change aurweb role to support sshd includes 

Added support for the aurweb role to the new openssh include mechanism,
that's baked into our sshd role.
This commit is contained in:
Giancarlo Razzolini 2020-02-17 14:01:25 -03:00
parent 6c489c9bfc
commit e70ab6ce45
No known key found for this signature in database
GPG Key ID: F22FB1D78A77AEAB
3 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
playbooks/aur-dev.archlinux.org.yml
View File

@ -6,7 +6,7 @@
roles:
- { role: common }
- { role: tools }
- { role: sshd }
- { role: sshd, sshd_enable_includes: true }
- { role: root_ssh }
- { role: certbot }
- { role: nginx }

2
roles/aurweb/tasks/main.yml
View File

@ -245,6 +245,6 @@
- aurweb-tuvotereminder.timer
- name: configure sshd
template: src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0644 validate='/usr/sbin/sshd -t -f %s'
template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
notify:
- restart sshd

5
roles/aurweb/templates/aurweb_config.j2 Normal file
View File

@ -0,0 +1,5 @@
Match User {{ aurweb_user }}
PasswordAuthentication no
AuthorizedKeysCommand /usr/local/bin/aurweb-git-auth "%t" "%k"
AuthorizedKeysCommandUser {{ aurweb_user }}
AcceptEnv AUR_OVERWRITE