diff options
Diffstat (limited to 'roles/base/files')
-rw-r--r-- | roles/base/files/keys/bandali | 1 | ||||
-rw-r--r-- | roles/base/files/keys/cairn | 1 | ||||
-rw-r--r-- | roles/base/files/keys/dragestil | 1 | ||||
-rw-r--r-- | roles/base/files/keys/opal | 2 | ||||
-rw-r--r-- | roles/base/files/keys/sachac | 2 | ||||
-rw-r--r-- | roles/base/files/keys/zaeph | 1 | ||||
-rw-r--r-- | roles/base/files/sshd_config | 16 | ||||
-rw-r--r-- | roles/base/files/sudoers.d/10_ansible | 1 | ||||
-rw-r--r-- | roles/base/files/sudoers.d/20_admin | 1 | ||||
-rw-r--r-- | roles/base/files/sudoers.d/30_org_admin | 3 |
10 files changed, 29 insertions, 0 deletions
diff --git a/roles/base/files/keys/bandali b/roles/base/files/keys/bandali new file mode 100644 index 0000000..e50d913 --- /dev/null +++ b/roles/base/files/keys/bandali @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0St/clKIWYQMvrVwxs2f3bKapNnu6DmsRxitFfsGMN bandali@gnu.org diff --git a/roles/base/files/keys/cairn b/roles/base/files/keys/cairn new file mode 100644 index 0000000..6bd04bd --- /dev/null +++ b/roles/base/files/keys/cairn @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK7g0qqt0yIKwozCc+ogKiTzK5iwA3nXFHnlvhJfiEZUKiCcl9PN0O+50h8+rFrva27NxE8OEhCPCV9Ug+K8+Z4ikVbIYEBbgF4+GOtW6R7Ktota2Y+6c5DZfoq2vFNOI5cL1OkQUrQhVa+fIjb9zh2L9YgJIsBv/850HlYLS4DPMqyWo7SsMNFA2BIm/rL/U/fqjr4IJ/uxGa3cwM6zixqfozQShxULvz6BxVpe+yPp0yj+mau9DJEs18ZNoeC4vqzXq73hsth2RisXq389foWNRKrAMzcajw8EW7MRd4srRnlr6APt2ZH/vQ6EcTBNyWqEv2KJ4KVZLgg0QHyQBb cairn@starfighter diff --git a/roles/base/files/keys/dragestil b/roles/base/files/keys/dragestil new file mode 100644 index 0000000..5bc093f --- /dev/null +++ b/roles/base/files/keys/dragestil @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvPOtgcm5ptn8l+/YLAJEqVeT801btqFOf9gE9BLGDh yuchen@melb diff --git a/roles/base/files/keys/opal b/roles/base/files/keys/opal new file mode 100644 index 0000000..eeb5e3c --- /dev/null +++ b/roles/base/files/keys/opal @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChD6zcTYv5hpl9YRSetz1uQzQfOkzOQZNna0Mvzqt5mzptdthe6ZNHKchto5tpby5iVxwGTPiHcWs0VlnnDG/VX/a5p28qs2595MZizv6McqInr1kLj3w+gbJpPRqaL0GGtlCZhIYyv1MRFhkemdSzLAo4/Noj7z3b+z6tsnsIr/qJvpoUt0tdsrgMlHOHkqZsnQICNah+ugQAOQzCkZCW7E3hSMtal412eNIaX8TiB686N2VigMOOUxg6NNbo/dRFq5IMA48hBNJpzeS4zz1gMXv6hSCRPcBJ5aFt+O6T7VOXdTAlC88+zu6c554kacyhVB/4tWGmnf1ZaK4kD8Un ry@nocry +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTI8v3jrhi/HS9RIudSrVg7WFBcvCiRj90q3Qa8HuwbbrHAkVSrhrpJKVTYMt2tBGdcM9QgU/dy5F0o07Vb23COQG/sqr/ImX8wSnjIvjW/yDHaKtEcy3sbvtqqRXiI8R8wfMctCPjUnl7OhaDPMWDy8sAefApCs1W5InafT6TYkooCg== ry@apollyon diff --git a/roles/base/files/keys/sachac b/roles/base/files/keys/sachac new file mode 100644 index 0000000..999b59c --- /dev/null +++ b/roles/base/files/keys/sachac @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK0Vg112xS0SAuCutincht2LWs+2jC8EWC19Irotv8M0ztzLf6wmXEw0xoB8D78LKzXGC/gFcIvYzsNezHFpU5PmlxYBRJkdOYH2zYfnlWQFpJKmk1OelTrugaRE4HywXurf6q6Sot5hzbzPmCWgOlBZshnkDXMAyPCfYvL+RcwTRJWiaiGwwDHlfHCkebr4cwypRQ7Nl2kKajdp4wZXwbuP64pPNMmftZEMEM910w3zPnzQTil4IuLSiVC8K7TSk6xsnrsk10Y6zfoaHkZ71OD58rqPPFqeHYDj8SAvp6W4hHwakbf+r8nfRfr8Tc+gtCf0B6a4Y050OI5FxHlmjh +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMf4V8eCzYNEde8xG4tIJPBv8NwoTzyRG9O5+Bl69osaHV7OZQz81wXil1qZ/xrUu6fc5jMkxq7j5KCCs2MF6gMq12UKe9ESKYe5i+jFL7+V6JNQqcjLcyaEfEFtFCJ95nWCQWpXrMPijvpB3+YxLspFOTz8ZJsGENXU+Rkz5EIdx2VTgHUbddCjE5jndIO58uPKmR4EpMeUWxb20xYLpOwM14aGF/ERVjI++dIwu7mc21kxg42HJjRA/NRV48IxrGl57KKzl7qtMrqwp+ucoLWw4PdqHk4/tApjmrgLiJzLpSZx/4LL3mHTg3I6w9fC5yTgk3k6rJFomb2Jbboxx diff --git a/roles/base/files/keys/zaeph b/roles/base/files/keys/zaeph new file mode 100644 index 0000000..33d3fa4 --- /dev/null +++ b/roles/base/files/keys/zaeph @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxla020OSOgCfbCekmMMEFNmuUicibIo7eotqONcJDB diff --git a/roles/base/files/sshd_config b/roles/base/files/sshd_config new file mode 100644 index 0000000..0060c33 --- /dev/null +++ b/roles/base/files/sshd_config @@ -0,0 +1,16 @@ +Include /etc/ssh/sshd_config.d/*.conf +Port 46668 + +LoginGraceTime 2m +AllowAgentForwarding yes +X11Forwarding yes +PermitRootLogin prohibit-password +AuthorizedKeysFile .ssh/authorized_keys +PasswordAuthentication no +UsePAM yes +PrintMotd no +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/ssh/sftp-server + +AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn diff --git a/roles/base/files/sudoers.d/10_ansible b/roles/base/files/sudoers.d/10_ansible new file mode 100644 index 0000000..80053e5 --- /dev/null +++ b/roles/base/files/sudoers.d/10_ansible @@ -0,0 +1 @@ +ansible ALL = (ALL) NOPASSWD: ALL diff --git a/roles/base/files/sudoers.d/20_admin b/roles/base/files/sudoers.d/20_admin new file mode 100644 index 0000000..71b74c3 --- /dev/null +++ b/roles/base/files/sudoers.d/20_admin @@ -0,0 +1 @@ +%admin ALL=(ALL) ALL diff --git a/roles/base/files/sudoers.d/30_org_admin b/roles/base/files/sudoers.d/30_org_admin new file mode 100644 index 0000000..f855569 --- /dev/null +++ b/roles/base/files/sudoers.d/30_org_admin @@ -0,0 +1,3 @@ +sachac ALL=(ALL) /usr/bin/apt +zaeph ALL=(ALL) /usr/bin/apt +dragestil ALL=(ALL) /usr/bin/apt |