Verified Commit e70ab6ce authored by Giancarlo Razzolini's avatar Giancarlo Razzolini
Browse files

roles/aurweb: Change aurweb role to support sshd includes

Added support for the aurweb role to the new openssh include mechanism,
that's baked into our sshd role.
parent 6c489c9b
......@@ -6,7 +6,7 @@
roles:
- { role: common }
- { role: tools }
- { role: sshd }
- { role: sshd, sshd_enable_includes: true }
- { role: root_ssh }
- { role: certbot }
- { role: nginx }
......
......@@ -245,6 +245,6 @@
- aurweb-tuvotereminder.timer
- name: configure sshd
template: src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0644 validate='/usr/sbin/sshd -t -f %s'
template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
notify:
- restart sshd
Match User {{ aurweb_user }}
PasswordAuthentication no
AuthorizedKeysCommand /usr/local/bin/aurweb-git-auth "%t" "%k"
AuthorizedKeysCommandUser {{ aurweb_user }}
AcceptEnv AUR_OVERWRITE
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment