feat: decomission proxmox

Simon Cornet 2026-03-02 16:34:53 +01:00
commit f387f98723
3 changed files with 0 additions and 21 deletions


@ -1,2 +0,0 @@
# proxmox
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription


@ -6,22 +6,12 @@ ListenAddress 0.0.0.0
ListenAddress :: ListenAddress ::
# hostkey # hostkey
{% if inventory_hostname in groups['proxmox'] %}
HostKey /etc/ssh/ssh_host_rsa_key
{% endif %}
HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_ed25519_key
# Authentication # Authentication
{% if inventory_hostname in groups['proxmox'] %}
PermitRootLogin yes
{% else %}
PermitRootLogin no PermitRootLogin no
{% endif %}
# Hardening # Hardening
{% if inventory_hostname in groups['proxmox'] %}
AcceptEnv LANG LC_*
{% endif %}
StrictModes yes StrictModes yes
MaxAuthTries 2 MaxAuthTries 2
MaxStartups 10:50:20 MaxStartups 10:50:20
@ -29,9 +19,6 @@ LoginGraceTime 15
MaxSessions 8 MaxSessions 8
PasswordAuthentication no PasswordAuthentication no
PubkeyAuthentication yes PubkeyAuthentication yes
{% if inventory_hostname in groups['proxmox'] %}
AllowUsers ansible drone hugo root simon
{% else %}
AllowUsers ansible drone hugo simon AllowUsers ansible drone hugo simon
{% endif %} {% endif %}
VersionAddendum "" VersionAddendum ""
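Review bot: The `{% endif %}` that closed the removed proxmox `{% if %}`/`{% else %}` pair around `AllowUsers` is still present as a context line in the second hunk, directly before `VersionAddendum ""`. The hunk header (`-29,9 +19,6`) accounts for only three deletions there, so unless an enclosing block opens above the lines shown, the template is left with an unmatched tag. Jinja2 would then refuse to render it, and the hardened sshd configuration would not reach any host. Delete that `{% endif %}` as well. Before rollout, render the template in check mode, or have the template task validate the result with `validate: sshd -t -f %s`.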


@ -6,9 +6,6 @@ drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-galaxy *
drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook * drone ansible.siempie.internal=(root) NOPASSWD:/usr/local/bin/ansible-playbook *
drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh * drone ansible.siempie.internal=(root) NOPASSWD:SETENV:/usr/bin/sh *
{% endif %} {% endif %}
{% if inventory_hostname in groups['proxmox'] %}
drone {{ inventory_hostname }}=(root) NOPASSWD:/home/drone/scripts/fstrim.sh
{% endif %}
{% if inventory_hostname == 'mgmt01.siempie.internal' %} {% if inventory_hostname == 'mgmt01.siempie.internal' %}
drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl * drone mgmt01.siempie.internal=(simon) NOPASSWD:/usr/local/bin/kubectl *
drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/kubectl * drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/local/bin/kubectl *
@ -19,9 +16,6 @@ drone mgmt01.siempie.internal=(root) NOPASSWD:/usr/bin/git *
drone packer.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /mnt/packer * drone packer.siempie.internal=(root) NOPASSWD:/usr/bin/git -C /mnt/packer *
drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer * drone packer.siempie.internal=(root) NOPASSWD:/usr/local/bin/packer *
{% endif %} {% endif %}
{% if inventory_hostname == 'registry.siempie.internal' %}
drone registry.siempie.internal=(root) NOPASSWD:/usr/bin/docker *
{% endif %}
{% if inventory_hostname == 'wireguard.do.simoncor.net' %} {% if inventory_hostname == 'wireguard.do.simoncor.net' %}
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone * drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/rclone *
drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx drone wireguard.do.simoncor.net=(root) NOPASSWD:/usr/bin/systemctl reload nginx
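Review bot: The second hunk also drops the `registry.siempie.internal` rule for `/usr/bin/docker *`, which the commit title does not cover. If that host was retired together with Proxmox, the commit message should say so. If it is still in the inventory, any drone step that calls docker through sudo on it will start failing. A line in the description such as `also removes the registry docker sudo rule (host retired with proxmox)` would keep the privilege change auditable.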