roles/aurweb: Change aurweb role to support sshd includes

Added support for the aurweb role to the new openssh include mechanism, that's baked into our sshd role.

roles/aurweb: Change aurweb role to support sshd includes
Added support for the aurweb role to the new openssh include mechanism, that's baked into our sshd role.
e70ab6ce · Giancarlo Razzolini · 6c489c9b · e70ab6ce · e70ab6ce · e70ab6ce
Verified Commit e70ab6ce authored Feb 17, 2020 by Giancarlo Razzolini
--- a/playbooks/aur-dev.archlinux.org.yml
+++ b/playbooks/aur-dev.archlinux.org.yml
@@ -6,7 +6,7 @@
  roles:
    - { role: common }
    - { role: tools }
-    - { role: sshd }
+    - { role: sshd, sshd_enable_includes: true }
    - { role: root_ssh }
    - { role: certbot }
    - { role: nginx }

--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -245,6 +245,6 @@
       - aurweb-tuvotereminder.timer

 - name: configure sshd
-  template: src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0644 validate='/usr/sbin/sshd -t -f %s'
+  template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
  notify:
    - restart sshd
--- a/roles/aurweb/templates/aurweb_config.j2
+++ b/roles/aurweb/templates/aurweb_config.j2
+Match User {{ aurweb_user }}
+        PasswordAuthentication no
+        AuthorizedKeysCommand /usr/local/bin/aurweb-git-auth "%t" "%k"
+        AuthorizedKeysCommandUser {{ aurweb_user }}
+        AcceptEnv AUR_OVERWRITE