dotfiles/roles/ssh_server/defaults/main.yml

---
# Whether to accept password auth; ‹yes› or ‹no›
ssh_server_auth_password_authentication: "no"

# Whether to allow ‹root› login; ‹yes› or ‹no›
ssh_server_auth_permit_root_login: "no"

# Whether to setup trusted CA (against the HashiCorp Vault instance)
ssh_server_auth_trusted_ca: true

# Default port where the SSH daemon runs; also adjusts the SELinux policy
ssh_server_port: 10022

# [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
ssh_server_sign_host_keys: true
-												roles(system/sshd): create SSH server config

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2023-08-29 11:14:23 +02:00
+								---
-												docs(system/sshd): document variables

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-07-12 14:52:31 +02:00
+								# Whether to accept password auth; ‹yes› or ‹no›
-												chore: rename ‹ssh› group of roles

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-12-12 16:10:22 +01:00
+								ssh_server_auth_password_authentication: "no"
-												roles(system/sshd): create SSH server config

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2023-08-29 11:14:23 +02:00
-												docs(system/sshd): document variables

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-07-12 14:52:31 +02:00
+								# Whether to allow ‹root› login; ‹yes› or ‹no›
-												chore: rename ‹ssh› group of roles

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-12-12 16:10:22 +01:00
+								ssh_server_auth_permit_root_login: "no"
-												docs(system/sshd): document variables

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-07-12 14:52:31 +02:00
 								# Whether to setup trusted CA (against the HashiCorp Vault instance)
-												chore: rename ‹ssh› group of roles

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-12-12 16:10:22 +01:00
+								ssh_server_auth_trusted_ca: true
-												docs(system/sshd): document variables

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-07-12 14:52:31 +02:00
 								# Default port where the SSH daemon runs; also adjusts the SELinux policy
-												chore: rename ‹ssh› group of roles

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-12-12 16:10:22 +01:00
+								ssh_server_port: 10022
-												docs(system/sshd): document variables

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-07-12 14:52:31 +02:00
 								# [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
-												chore: rename ‹ssh› group of roles

Signed-off-by: Matej Focko <me@mfocko.xyz>

											
										
										
											2024-12-12 16:10:22 +01:00
+								ssh_server_sign_host_keys: true