Remove expose_ssh and support SSH listening on nebula and PVE

No more wireguard SSH for me
2021-03-24 22:19:29 +00:00 · 2021-03-24 22:19:29 +00:00 · e67e4565d3
commit e67e4565d3
parent e80bcb5a8b
8 changed files with 1 additions and 15 deletions
--- a/ansible/host_vars/deluge.yml
+++ b/ansible/host_vars/deluge.yml
@ -1 +0,0 @@
 expose_ssh: true
--- a/ansible/host_vars/forrest.yml
+++ b/ansible/host_vars/forrest.yml
@ -1,3 +1 @@
 expose_ssh: true
 protected_ip: "{{ pve_hosts.forrest.internal_ip }}"
--- a/ansible/host_vars/ingress.yml
+++ b/ansible/host_vars/ingress.yml
@ -1 +0,0 @@
 expose_ssh: true
--- a/ansible/host_vars/jellyfin.yml
+++ b/ansible/host_vars/jellyfin.yml
@ -1 +0,0 @@
 expose_ssh: true
--- a/ansible/host_vars/pve-docker.yml
+++ b/ansible/host_vars/pve-docker.yml
@ -1,5 +1,3 @@
 expose_ssh: true
 private_ip: "{{ pve_hosts.pve_docker.ip }}"
 protected_ip: "{{ pve_hosts.pve_docker.internal_ip }}"
--- a/ansible/host_vars/pve.yml
+++ b/ansible/host_vars/pve.yml
@ -1,5 +1,3 @@
 expose_ssh: true
 private_ip: "{{ pve_hosts.pve.ip }}"
 protected_ip: "{{ pve_hosts.pve.internal_ip }}"
--- a/ansible/roles/base/defaults/main.yml
+++ b/ansible/roles/base/defaults/main.yml
@ -1 +0,0 @@
 expose_ssh: false
--- a/ansible/roles/base/files/sshd_config
+++ b/ansible/roles/base/files/sshd_config
@ -2,11 +2,7 @@
 # Change to a high/odd port if this server is exposed to the internet directly
 Port {{ ssh_port }}
-{% if expose_ssh %}
+AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %}
 AllowUsers {{ user }}
 {% else %}
 AllowUsers {{ user }}@{{ wireguard.cidr }}
 {% endif %}
 # Bind to all interfaces (change to specific interface if needed)
 ListenAddress 0.0.0.0
`@ -1,3 +1 @@`
	`expose_ssh: true`

	`protected_ip: "{{ pve_hosts.forrest.internal_ip }}"`	`protected_ip: "{{ pve_hosts.forrest.internal_ip }}"`