COnfigure SSH bastion

This commit is contained in:
Jake Howard 2019-12-08 15:55:19 +00:00 committed by Jake Howard
parent 0d3daba374
commit b0277c2f46
8 changed files with 38 additions and 1 deletions

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "ansible/files/ssh"]
path = ansible/files/ssh
url = https://github.com/RealOrangeOne/ansible-ssh-bastion

View file

@ -2,3 +2,4 @@ skip_list:
- 305
- 401
- 301
- 503

1
ansible/files/ssh Submodule

@ -0,0 +1 @@
Subproject commit 9f8159f1e6e468b9293e4c00d76aadf18aac6af5

View file

@ -0,0 +1,2 @@
[casey]
108.61.221.88

View file

@ -0,0 +1,8 @@
- hosts: all
tasks:
- name: Ping
ping:
- hosts: casey
roles:
- ssh-bastion

View file

@ -0,0 +1,20 @@
- name: Define context
set_fact:
user: jake
enable_root: true
- name: SSH config
template:
src: files/ssh/sshd_config_bastion
dest: /etc/ssh/sshd_config
validate: /usr/sbin/sshd -t -f %s
backup: yes
become: true
become_user: root
register: sshd_config
- name: Restart SSH config
service:
name: sshd
state: reloaded
when: sshd_config.changed

2
ansible/vars.yml Normal file
View file

@ -0,0 +1,2 @@
user: jake
enable_root: false

View file

@ -4,4 +4,4 @@ set -e
PATH=env/bin:${PATH}
ansible-playbook -i ansible/hosts ansible/main.yml
ansible-playbook -i ansible/hosts ansible/main.yml -k -K