-rw-r--r-- | playbooks.d/ssh/description.txt | 1 | ||||
-rw-r--r-- | playbooks.d/ssh/etc/defaults | 2 | ||||
-rw-r--r-- | playbooks.d/ssh/etc/os.d/freebsd | 1 | ||||
-rw-r--r-- | playbooks.d/ssh/etc/os.d/linux-gentoo | 1 | ||||
-rw-r--r-- | playbooks.d/ssh/playbook.bash | 28 | ||||
-rw-r--r-- | playbooks.d/ssh/share/motd | 8 | ||||
-rw-r--r-- | playbooks.d/ssh/share/sshd_config | 27 | ||||
-rw-r--r-- | registry.d/anoia.tyil.net | 1 |
8 files changed, 69 insertions, 0 deletions
diff --git a/playbooks.d/ssh/description.txt b/playbooks.d/ssh/description.txt
new file mode 100644
index 0000000..0e5210f
--- /dev/null
+++ b/playbooks.d/ssh/description.txt
@@ -0,0 +1 @@
+OpenSSH configuration
diff --git a/playbooks.d/ssh/etc/defaults b/playbooks.d/ssh/etc/defaults
new file mode 100644
index 0000000..2140397
--- /dev/null
+++ b/playbooks.d/ssh/etc/defaults
@@ -0,0 +1,2 @@
+ssh.sftp=/usr/lib/openssh/sftp-server
+svc.sshd=sshd
diff --git a/playbooks.d/ssh/etc/os.d/freebsd b/playbooks.d/ssh/etc/os.d/freebsd
new file mode 100644
index 0000000..47805db
--- /dev/null
+++ b/playbooks.d/ssh/etc/os.d/freebsd
@@ -0,0 +1 @@
+ssh.sftp=/usr/lib64/misc/sftp-server
diff --git a/playbooks.d/ssh/etc/os.d/linux-gentoo b/playbooks.d/ssh/etc/os.d/linux-gentoo
new file mode 100644
index 0000000..47805db
--- /dev/null
+++ b/playbooks.d/ssh/etc/os.d/linux-gentoo
@@ -0,0 +1 @@
+ssh.sftp=/usr/lib64/misc/sftp-server
diff --git a/playbooks.d/ssh/playbook.bash b/playbooks.d/ssh/playbook.bash
new file mode 100644
index 0000000..b391b9d
--- /dev/null
+++ b/playbooks.d/ssh/playbook.bash
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+playbook_add() {
+ svc enable "sshd"
+ svc start "sshd"
+
+ playbook_sync
+}
+
+playbook_sync() {
+ file_template sshd_config \
+ "sftp=$(config "ssh.sftp")" \
+ > /etc/ssh/sshd_config
+
+ file_template "motd" \
+ "fqdn=${BASHTARD_PLATFORM[fqdn]}" \
+ "time=$(date -u "+%FT%T")" \
+ > /etc/motd
+
+ [[ $BASHTARD_COMMAND == "add" ]] && return
+
+ svc reload "sshd"
+}
+
+playbook_del() {
+ svc stop "sshd"
+ svc disable "sshd"
+}
diff --git a/playbooks.d/ssh/share/motd b/playbooks.d/ssh/share/motd
new file mode 100644
index 0000000..7fc4e34
--- /dev/null
+++ b/playbooks.d/ssh/share/motd
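Review bot: The FreeBSD override sets `ssh.sftp=/usr/lib64/misc/sftp-server`, which is the Gentoo location — the file is byte-identical to os.d/linux-gentoo (same blob 47805db) — whereas the FreeBSD base system normally installs the binary at `/usr/libexec/sftp-server`, so the rendered `Subsystem sftp` line would point at a missing path and SFTP would fail while sshd itself still starts. If the exact path cannot be confirmed on the target, `ssh.sftp=internal-sftp` sidesteps the problem, since sshd's built-in SFTP server needs no filesystem path. A comment such as `# FreeBSD base system ships sftp-server under /usr/libexec` would also make the per-OS override self-explanatory.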
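Review bot: `playbook_add` enables and starts sshd before `playbook_sync` has rendered `/etc/ssh/sshd_config`, and the `[[ $BASHTARD_COMMAND == "add" ]] && return` guard then skips the reload, so a freshly added host keeps running the distribution's stock sshd_config (with whatever password-auth and root-login defaults it ships) until some later sync triggers a reload — unless the framework re-runs `playbook_sync` afterwards, which is not visible here. Moving the `playbook_sync` call ahead of `svc enable "sshd"` / `svc start "sshd"` makes the hardened config the one sshd starts with. Separately, the redirect truncates the live config in place and `svc reload "sshd"` is issued without validating the result; rendering to a temporary file, running `sshd -t -f "$tmp" || return 1`, and only then moving it over `/etc/ssh/sshd_config` keeps a bad template from leaving the host unreachable over SSH.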
@@ -0,0 +1,8 @@
+ ████████╗██╗ ██╗██╗██╗ ███╗ ██╗███████╗████████╗
+ ╚══██╔══╝╚██╗ ██╔╝██║██║ ████╗ ██║██╔════╝╚══██╔══╝
+ ██║ ╚████╔╝ ██║██║ ██╔██╗ ██║█████╗ ██║
+ ██║ ╚██╔╝ ██║██║ ██║╚██╗██║██╔══╝ ██║
+ ██║ ██║ ██║███████╗██╗██║ ╚████║███████╗ ██║
+ ╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ╚═╝
+
+Welcome to ${fqdn}, last updated on ${time}.
diff --git a/playbooks.d/ssh/share/sshd_config b/playbooks.d/ssh/share/sshd_config
new file mode 100644
index 0000000..97bea2e
--- /dev/null
+++ b/playbooks.d/ssh/share/sshd_config
@@ -0,0 +1,27 @@
+# Connectivity
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+# Fluff
+PrintMotd yes
+
+# SFTP
+Subsystem sftp ${sftp}
+
+# Authentication
+AuthorizedKeysFile /etc/ssh/authorized_keys .ssh/authorized_keys
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+PubkeyAuthentication no
+
+# Allow tyil
+Match User tyil
+ PubkeyAuthentication yes
+
+# Allow public key authentication over VPN
+Match Address 10.57.0.0/16
+ PubkeyAuthentication yes
+ PermitRootLogin prohibit-password
diff --git a/registry.d/anoia.tyil.net b/registry.d/anoia.tyil.net
index 98cfbf8..c1bd6f1 100644
--- a/registry.d/anoia.tyil.net
+++ b/registry.d/anoia.tyil.net
@@ -1 +1,2 @@
+ssh
 vpn-tinc
|
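Review bot: `AuthorizedKeysFile /etc/ssh/authorized_keys .ssh/authorized_keys` makes one system-wide key file valid for every account, and the `Match Address 10.57.0.0/16` block enables `PubkeyAuthentication` for all users together with `PermitRootLogin prohibit-password`, so any key placed in `/etc/ssh/authorized_keys` can log in as root from anywhere in that range. If the shared file is intended to hold only an admin key, a per-user path such as `AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u .ssh/authorized_keys` keeps root's keys separate from everyone else's. The address-based trust also assumes 10.57.0.0/16 is reachable only over the VPN (the registry change pairs this host with vpn-tinc), which is worth stating explicitly in the comment above the Match block, e.g. `# 10.57.0.0/16 is the tinc overlay; key auth and key-only root are allowed from there`. Minor: `ChallengeResponseAuthentication` is the pre-8.7 spelling of `KbdInteractiveAuthentication`; current OpenSSH still accepts it as an alias, but a short comment noting that would save a future reader the lookup.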