From f387f98723cbceecc5667ef7eebe4ff329db2cd4 Mon Sep 17 00:00:00 2001
From: Simon Cornet
Date: Mon, 2 Mar 2026 16:34:53 +0100
Subject: [PATCH] feat: decomission proxmox
---
 templates/apt/sources.d/proxmox.list.j2 | 2 --
 templates/sshd/sshd_config.j2 | 13 -------------
 templates/usermanagement/sudoers.d/sudoers.j2 | 6 ------
 3 files changed, 21 deletions(-)
 delete mode 100644 templates/apt/sources.d/proxmox.list.j2
diff --git a/templates/apt/sources.d/proxmox.list.j2 b/templates/apt/sources.d/proxmox.list.j2
deleted file mode 100644
index ff0e1e9..0000000
--- a/templates/apt/sources.d/proxmox.list.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-# proxmox
-deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
diff --git a/templates/sshd/sshd_config.j2 b/templates/sshd/sshd_config.j2
index 3a42c6e..9680574 100644
--- a/templates/sshd/sshd_config.j2
+++ b/templates/sshd/sshd_config.j2
@@ -6,22 +6,12 @@ ListenAddress 0.0.0.0
 ListenAddress ::
 # hostkey
-{% if inventory_hostname in groups['proxmox'] %}
-HostKey /etc/ssh/ssh_host_rsa_key
-{% endif %}
 HostKey /etc/ssh/ssh_host_ed25519_key
 # Authentication
-{% if inventory_hostname in groups['proxmox'] %}
-PermitRootLogin yes
-{% else %}
 PermitRootLogin no
-{% endif %}
 # Hardening
-{% if inventory_hostname in groups['proxmox'] %}
-AcceptEnv LANG LC_*
-{% endif %}
 StrictModes yes
 MaxAuthTries 2
 MaxStartups 10:50:20
@@ -29,9 +19,6 @@ LoginGraceTime 15
 MaxSessions 8
 PasswordAuthentication no
 PubkeyAuthentication yes
-{% if inventory_hostname in groups['proxmox'] %}
-AllowUsers ansible drone hugo root simon
-{% else %}
 AllowUsers ansible drone hugo simon
 {% endif %}
 VersionAddendum ""
diff --git a/templates/usermanagement/sudoers.d/sudoers.j2 b/templates/usermanagement/sudoers.d/sudoers.j2
index 17a0783..ba9e6a2 100644
--- a/templates/usermanagement/sudoers.d/sudoers.j2
+++ b/templates/usermanagement/sudoers.d/sudoers.j2
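Review bot: In the second hunk of templates/sshd/sshd_config.j2 (`@@ -29,9 +19,6 @@`) the `{% if inventory_hostname in groups['proxmox'] %}` and `{% else %}` lines around AllowUsers are removed but the closing `{% endif %}` is kept as context, so the new template appears to carry an unmatched tag; unless an enclosing `{% if %}` opens above line 6 (not visible here), Jinja2 will refuse to render it. The first hunk handles the PermitRootLogin block correctly by also deleting its `{% endif %}`. Delete the `{% endif %}` line that follows `AllowUsers ansible drone hugo simon`. Until that is fixed the play would likely fail at the template task, so the tightened `PermitRootLogin no` and the root-less `AllowUsers` would not reach any host; rendering the template and checking the result with `sshd -t` (for example through the template task's `validate` option) before merging would catch this.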
@@ -6,9 +6,6 @@ drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
 drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
 drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh *
 {% endif %}
-{% if inventory_hostname in groups['proxmox'] %}
-drone {{ inventory_hostname }}=(root) NOPASSWD:/home/drone/scripts/fstrim.sh
-{% endif %}
 {% if inventory_hostname == 'mgmt01.siempie.internal' %}
 drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl *
 drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/kubectl *
@@ -19,9 +16,6 @@ drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/bin/git *
 drone packer.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /mnt/packer *
 drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer *
 {% endif %}
-{% if inventory_hostname == 'registry.siempie.internal' %}
-drone registry.siempie.internal=(root) NOPASSWD:/usr/bin/docker *
-{% endif %}
 {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
 drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone *
 drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx