add sshconfig role

2023-08-02 13:49:47 +02:00 · 2023-08-02 13:49:47 +02:00 · 66d0701a57
commit 66d0701a57
parent 90ced67557
2 changed files with 51 additions and 0 deletions
--- a/ansible/roles/sshconfig/tasks/main.yml
+++ b/ansible/roles/sshconfig/tasks/main.yml
@ -0,0 +1,7 @@
+---
+- name: Install ssh config
+  ansible.builtin.template:
+    src: config.j2
+    dest: .ssh/config
+    mode: 0600
+...
--- a/ansible/roles/sshconfig/templates/config.j2
+++ b/ansible/roles/sshconfig/templates/config.j2
@ -0,0 +1,44 @@
+# {{ ansible_managed }}
+ControlMaster     auto
+ControlPath       {{ ssh.config.control_path }}
+ControlPersist    {{ ssh.config.control_persist }}
+
+include config.d/*
+
+Host git.dotya.ml github.com
+    IdentityFile ~/.ssh/{{ ssh.config.gitea_gh_id }}
+
+Host git.dotya.ml
+    User gitea
+
+Host github.com
+    # KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
+    User git
+
+
+# Do not keep HostKeys for internal networks
+Host 10.*.*.* 192.168.*.*
+    UserKnownHostsFile /dev/null
+    StrictHostKeyChecking no
+
+Host *
+    ForwardX11 no
+    # IdentityFile none
+    AddKeysToAgent yes
+    IdentitiesOnly yes
+    ForwardAgent no
+    StrictHostKeyChecking no
+    IPQoS af21 # low-latency
+    # IPQoS lowdelay
+    # IPQoS throughput
+    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+    KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
+
+# this could be of interest later:
+# https://mike.place/2017/ssh-match/
+# Match host <ssh_hostname> !exec "ping -t 1 -o "<ssh_hostname>.local" &>/dev/null"
+#   ProxyJump <remote_host_with_public_IP>:11033
+#
+# also:
+# https://github.com/FiloSottile/whoami.filippo.io