update everything to be ad compatible

2023-07-25 16:58:19 +02:00
parent ed25955111
commit 8887c47c2c
5 changed files with 13 additions and 85 deletions
--- a/roles/common/tasks/ssh-security-settings.yaml
+++ b/roles/common/tasks/ssh-security-settings.yaml
@ -1,10 +1,4 @@
 ---
- name: Disable password authentication
-  ansible.builtin.replace:
-    path: /etc/ssh/sshd_config
-    regexp: 'PasswordAuthentication yes'
-    replace: 'PasswordAuthentication no'
-
 - name: Disable root authentication
  ansible.builtin.replace:
    path: /etc/ssh/sshd_config
@ -23,22 +17,6 @@
    regexp: '#AddressFamily any'
    replace: 'AddressFamily inet'

- name: Check if AllowUsers is defined
-  ansible.builtin.lineinfile:
-    state: absent
-    path: /etc/ssh/sshd_config
-    regexp: "intra.tormakris.dev"
-  check_mode: true
-  changed_when: false
-  register: checkallowusers
-
- name: Define AllowUsers if undefined
-  ansible.builtin.lineinfile:
-    state: present
-    path: /etc/ssh/sshd_config
-    line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
-  when: checkallowusers.found == 0
-
 - name: "Restart sshd"
  ansible.builtin.service:
    name: sshd
--- a/roles/common/tasks/user-ops.yaml
+++ b/roles/common/tasks/user-ops.yaml
@ -1,5 +1,5 @@
 ---
- name: Create .ssh directory of root user
+- name: Create .ssh directory of ansible user
  ansible.builtin.file:
    path: /home/ansible@intra.tormakris.dev/.ssh
    state: directory