From e67e4565d3aabf6518d352afb8d3d627f4a97690 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Wed, 24 Mar 2021 22:19:29 +0000
Subject: [PATCH] Remove `expose_ssh` and support SSH listening on nebula and PVE No more wireguard SSH for me
---
 ansible/host_vars/deluge.yml | 1 -
 ansible/host_vars/forrest.yml | 2 --
 ansible/host_vars/ingress.yml | 1 -
 ansible/host_vars/jellyfin.yml | 1 -
 ansible/host_vars/pve-docker.yml | 2 --
 ansible/host_vars/pve.yml | 2 --
 ansible/roles/base/defaults/main.yml | 1 -
 ansible/roles/base/files/sshd_config | 6 +-----
 8 files changed, 1 insertion(+), 15 deletions(-)
 delete mode 100644 ansible/host_vars/deluge.yml
 delete mode 100644 ansible/host_vars/ingress.yml
 delete mode 100644 ansible/host_vars/jellyfin.yml
 delete mode 100644 ansible/roles/base/defaults/main.yml
diff --git a/ansible/host_vars/deluge.yml b/ansible/host_vars/deluge.yml
deleted file mode 100644
index c6a60bc..0000000
--- a/ansible/host_vars/deluge.yml
+++ /dev/null
@@ -1 +0,0 @@
-expose_ssh: true
diff --git a/ansible/host_vars/forrest.yml b/ansible/host_vars/forrest.yml
index a1c3f3d..65e9214 100644
--- a/ansible/host_vars/forrest.yml
+++ b/ansible/host_vars/forrest.yml
@@ -1,3 +1 @@
-expose_ssh: true
-
 protected_ip: "{{ pve_hosts.forrest.internal_ip }}"
diff --git a/ansible/host_vars/ingress.yml b/ansible/host_vars/ingress.yml
deleted file mode 100644
index c6a60bc..0000000
--- a/ansible/host_vars/ingress.yml
+++ /dev/null
@@ -1 +0,0 @@
-expose_ssh: true
diff --git a/ansible/host_vars/jellyfin.yml b/ansible/host_vars/jellyfin.yml
deleted file mode 100644
index c6a60bc..0000000
--- a/ansible/host_vars/jellyfin.yml
+++ /dev/null
@@ -1 +0,0 @@
-expose_ssh: true
diff --git a/ansible/host_vars/pve-docker.yml b/ansible/host_vars/pve-docker.yml
index b8a9add..a71b000 100644
--- a/ansible/host_vars/pve-docker.yml
+++ b/ansible/host_vars/pve-docker.yml
@@ -1,5 +1,3 @@ -expose_ssh: true - private_ip: "{{ pve_hosts.pve_docker.ip }}" protected_ip: "{{ pve_hosts.pve_docker.internal_ip }}" diff --git a/ansible/host_vars/pve.yml b/ansible/host_vars/pve.yml index b74abd5..a9db0a6 100644 --- a/ansible/host_vars/pve.yml +++ b/ansible/host_vars/pve.yml @@ -1,5 +1,3 @@ -expose_ssh: true - private_ip: "{{ pve_hosts.pve.ip }}" protected_ip: "{{ pve_hosts.pve.internal_ip }}" diff --git a/ansible/roles/base/defaults/main.yml b/ansible/roles/base/defaults/main.yml deleted file mode 100644 index 41be9b2..0000000 --- a/ansible/roles/base/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -expose_ssh: false diff --git a/ansible/roles/base/files/sshd_config b/ansible/roles/base/files/sshd_config index 9b33b71..cede24c 100644 --- a/ansible/roles/base/files/sshd_config +++ b/ansible/roles/base/files/sshd_config @@ -2,11 +2,7 @@ # Change to a high/odd port if this server is exposed to the internet directly Port {{ ssh_port }} -{% if expose_ssh %} -AllowUsers {{ user }} -{% else %} -AllowUsers {{ user }}@{{ wireguard.cidr }} -{% endif %} +AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} # Bind to all interfaces (change to specific interface if needed) ListenAddress 0.0.0.0
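Review bot: The new `AllowUsers` line in sshd_config renders with no patterns at all on any host that is in neither `pve_hosts` nor `nebula.clients`, and the template has no fallback for that case. Depending on the OpenSSH version, a bare `AllowUsers` is either rejected as a config error, so sshd will not come back after a restart, or parsed as an empty list, which leaves logins unrestricted while `ListenAddress 0.0.0.0` still binds every interface. The first test also compares `ansible_hostname` with the keys of `pve_hosts`; the host_vars in this commit use `pve_hosts.pve_docker` for the `pve-docker` host, so if that machine's hostname carries a hyphen the PVE branch would presumably not match there, which is worth confirming. I would add a pre-flight `assert` task to the role with `that: ansible_hostname in pve_hosts or ansible_hostname in nebula.clients`, and set `validate: 'sshd -t -f %s'` on the task that deploys this file (not shown here) so a bad render never replaces the live config. The rest of sshd_config lies outside the hunk.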