feat: decomission proxmox

2026-03-02 16:34:53 +01:00 · 2026-03-02 16:34:53 +01:00 · f387f98723
commit f387f98723
parent 23579c9c4e
3 changed files with 0 additions and 21 deletions
--- a/templates/apt/sources.d/proxmox.list.j2
+++ b/templates/apt/sources.d/proxmox.list.j2
@ -1,2 +0,0 @@
-# proxmox
-deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
--- a/templates/sshd/sshd_config.j2
+++ b/templates/sshd/sshd_config.j2
@ -6,22 +6,12 @@ ListenAddress 0.0.0.0
 ListenAddress ::

 # hostkey
-{% if inventory_hostname in groups['proxmox'] %}
-HostKey /etc/ssh/ssh_host_rsa_key
-{% endif %}
 HostKey /etc/ssh/ssh_host_ed25519_key

 # Authentication
-{% if inventory_hostname in groups['proxmox'] %}
-PermitRootLogin yes
-{% else %}
 PermitRootLogin no 
-{% endif %}

 # Hardening
-{% if inventory_hostname in groups['proxmox'] %}
-AcceptEnv LANG LC_*
-{% endif %}
 StrictModes yes
 MaxAuthTries 2
 MaxStartups 10:50:20
@ -29,9 +19,6 @@ LoginGraceTime 15
 MaxSessions 8
 PasswordAuthentication no
 PubkeyAuthentication yes
-{% if inventory_hostname in groups['proxmox'] %}
-AllowUsers ansible drone hugo root simon
-{% else %}
 AllowUsers ansible drone hugo simon
 {% endif %}
 VersionAddendum ""
--- a/templates/usermanagement/sudoers.d/sudoers.j2
+++ b/templates/usermanagement/sudoers.d/sudoers.j2
@ -6,9 +6,6 @@ drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
 drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
 drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh *
 {% endif %}
-{% if inventory_hostname in groups['proxmox'] %}
-drone {{ inventory_hostname }}=(root) NOPASSWD:/home/drone/scripts/fstrim.sh
-{% endif %}
 {% if inventory_hostname == 'mgmt01.siempie.internal' %}
 drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl *
 drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/kubectl *
@ -19,9 +16,6 @@ drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/bin/git *
 drone packer.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /mnt/packer *
 drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer *
 {% endif %}
-{% if inventory_hostname == 'registry.siempie.internal' %}
-drone registry.siempie.internal=(root) NOPASSWD:/usr/bin/docker *
-{% endif %}
 {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
 drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone *
 drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx