ssh-certs hosts.

hogweed1
2026-05-22 01:50:31 +10:00
parent 413a83dddb
commit 5ed75ea52c


@@ -59,12 +59,6 @@
block: | block: |
# Coexistence with Proxmox internal clustering (Plain Keys fallback) # Coexistence with Proxmox internal clustering (Plain Keys fallback)
HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_rsa_key
# Исключение для локального кластерного трафика Proxmox
Match User root
PermitRootLogin yes
PubkeyAuthentication yes
#
marker: "# {mark} ANSIBLE MANAGED HOST RSA KEY BLOCK #" marker: "# {mark} ANSIBLE MANAGED HOST RSA KEY BLOCK #"
create: true create: true
mode: '0600' mode: '0600'
@@ -81,6 +75,19 @@
marker: "# {mark} ANSIBLE MANAGED HOST CERTIFICATE BLOCK #" marker: "# {mark} ANSIBLE MANAGED HOST CERTIFICATE BLOCK #"
notify: Restart SSH notify: Restart SSH
- name: Configure ROOT ACCESS for proxmoxes
blockinfile:
path: /etc/ssh/sshd_config # Или укажите путь к дроп-ину в sshd_config.d/, если используете их
block: |
Match User root Address 127.0.0.1,::1,192.168.0.71,192.168.0.72,192.168.0.73,192.168.0.74,192.168.0.75,192.168.0.89
PermitRootLogin yes
PubkeyAuthentication yes
marker: "# {mark} ANSIBLE MANAGED ROOT ACCESS for proxmoxes BLOCK #"
create: true
mode: '0600'
validate: /usr/sbin/sshd -t -f %s
when: "'proxmoxes' in group_names"
notify: Restart SSH
- name: Очистка временных файлов на Ansible-машине - name: Очистка временных файлов на Ansible-машине
delegate_to: localhost delegate_to: localhost
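Review bot: `PermitRootLogin yes` in the new `Match User root Address …` block of the "Configure ROOT ACCESS for proxmoxes" task lets root log in with a password from every listed address, unless password authentication is disabled elsewhere in sshd_config, which is not visible here. If the cluster nodes only need key-based root access to each other, `PermitRootLogin prohibit-password` keeps that working while refusing root passwords. The block also leaves the Match scope open, so any directive that later lands below it in /etc/ssh/sshd_config would apply only to root from these addresses; ending the block with a `Match all` line closes the scope. The address list is hard-coded in the task, and a group variable would keep it in step with the inventory.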