From abb854ebee5648c632683d8147a4a38d7080d75b Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Sun, 22 Jun 2025 14:54:19 +0200
Subject: [PATCH] feat: add proxmox exceptions

---
 templates/sshd/sshd_config.j2 | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/templates/sshd/sshd_config.j2 b/templates/sshd/sshd_config.j2
index fab7c07..3c06903 100644
--- a/templates/sshd/sshd_config.j2
+++ b/templates/sshd/sshd_config.j2
@@ -6,10 +6,17 @@ ListenAddress 0.0.0.0
 ListenAddress ::
 
 # hostkey
+{% if inventory_hostname in groups['proxmox'] %}
+HostKey /etc/ssh/ssh_host_rsa_key
+{% endif %}
 HostKey /etc/ssh/ssh_host_ed25519_key
 
 # Authentication
-PermitRootLogin no
+{% if inventory_hostname in groups['proxmox'] %}
+PermitRootLogin yes
+{% else %}
+PermitRootLogin no 
+{% endif %}
 
 # Hardening
 StrictModes yes
@@ -19,7 +26,11 @@ LoginGraceTime 15
 MaxSessions 8
 PasswordAuthentication no
 PubkeyAuthentication yes
+{% if inventory_hostname in groups['proxmox'] %}
+AllowUsers ansible drone hugo root simon
+{% else %}
 AllowUsers ansible drone hugo simon
+{% endif %}
 VersionAddendum ""
 IgnoreRhosts yes
 UseDNS no