chore: rename ‹ssh› group of roles

Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-12-12 16:10:22 +01:00 · 2024-12-12 16:10:22 +01:00 · 0135bcd48f
commit 0135bcd48f
parent f8adf14aff
15 changed files with 21 additions and 21 deletions
--- a/group_vars/desktops/vars
+++ b/group_vars/desktops/vars
@ -1,6 +1,6 @@
-sshd_port: 22
-sshd_sign_host_keys: false
-sshd_auth_password_authentication: "yes"
+ssh_server_port: 22
+ssh_server_sign_host_keys: false
+ssh_server_auth_password_authentication: "yes"

 flatpak_apps:
  - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
--- a/host_vars/mountainside/vars
+++ b/host_vars/mountainside/vars
@ -1,4 +1,4 @@
-system_sshd_port: 22022
+ssh_server_port: 22022

 certbot_domains:
  - mountainside.mfocko.xyz
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@ -32,7 +32,7 @@
      tags: podman

    # Install and configure SSH server
-    - role: sshd
+    - role: ssh_server
      become: true
      tags: sshd

@ -55,7 +55,7 @@
      tags: git

    # Configure ssh
-    - role: ssh
+    - role: ssh_client
      tags: ssh

    # Set up GPG
--- a/roles/ssh_client/files/ssh_config
+++ b/roles/ssh_client/files/ssh_config
--- a/roles/ssh_client/files/vssh
+++ b/roles/ssh_client/files/vssh
--- a/roles/ssh_client/tasks/main.yml
+++ b/roles/ssh_client/tasks/main.yml
--- a/roles/ssh_server/defaults/main.yml
+++ b/roles/ssh_server/defaults/main.yml
@ -1,15 +1,15 @@
 ---
 # Whether to accept password auth; ‹yes› or ‹no›
-sshd_auth_password_authentication: "no"
+ssh_server_auth_password_authentication: "no"

 # Whether to allow ‹root› login; ‹yes› or ‹no›
-sshd_auth_permit_root_login: "no"
+ssh_server_auth_permit_root_login: "no"

 # Whether to setup trusted CA (against the HashiCorp Vault instance)
-sshd_auth_trusted_ca: true
+ssh_server_auth_trusted_ca: true

 # Default port where the SSH daemon runs; also adjusts the SELinux policy
-sshd_port: 10022
+ssh_server_port: 10022

 # [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
-sshd_sign_host_keys: true
+ssh_server_sign_host_keys: true
--- a/roles/ssh_server/files/10-ca.conf
+++ b/roles/ssh_server/files/10-ca.conf
--- a/roles/ssh_server/handlers/main.yml
+++ b/roles/ssh_server/handlers/main.yml
--- a/roles/ssh_server/tasks/install.yml
+++ b/roles/ssh_server/tasks/install.yml
--- a/roles/ssh_server/tasks/main.yml
+++ b/roles/ssh_server/tasks/main.yml
@ -29,7 +29,7 @@

 - name: Notify SELinux about new port
  community.general.seport:
-    ports: "{{ sshd_port }}"
+    ports: "{{ ssh_server_port }}"
    proto: "tcp"
    setype: "ssh_port_t"
    state: "present"
@ -37,7 +37,7 @@

 - name: Enable the new SSH port on firewall
  ansible.posix.firewalld:
-    port: "{{ sshd_port }}/tcp"
+    port: "{{ ssh_server_port }}/tcp"
    immediate: true
    permanent: true
    state: enabled
--- a/roles/ssh_server/tasks/trusted_ca.yml
+++ b/roles/ssh_server/tasks/trusted_ca.yml
--- a/roles/ssh_server/templates/10-harden.conf
+++ b/roles/ssh_server/templates/10-harden.conf
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+# Port
+Port {{ ssh_server_port }}
+
+# Auth
+PermitRootLogin {{ ssh_server_auth_permit_root_login }}
+PasswordAuthentication {{ ssh_server_auth_password_authentication }}
--- a/roles/ssh_server/templates/10-signed-host-key.conf
+++ b/roles/ssh_server/templates/10-signed-host-key.conf
--- a/roles/sshd/templates/10-harden.conf
+++ b/roles/sshd/templates/10-harden.conf
@ -1,8 +0,0 @@
-# {{ ansible_managed }}
-
-# Port
-Port {{ sshd_port }}
-
-# Auth
-PermitRootLogin {{ sshd_auth_permit_root_login }}
-PasswordAuthentication {{ sshd_auth_password_authentication }}