From 9f3149d00edf00f1d577acbc710053ff76982f90 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Fri, 14 Oct 2022 19:53:04 +0300
Subject: [PATCH] Enable the sshd role in playbooks/all-hosts-basic

Move the 'sshd_enable_includes' override to aur's host vars instead of
specifying it as part of playbooks/aur.archlinux.org. Otherwise, would
break the AUR's SSH auth if ssh.d/aurweb_config does not get included.
---
 host_vars/aur.archlinux.org/misc | 1 +
 playbooks/all-hosts-basic.yml    | 3 +--
 playbooks/aur.archlinux.org.yml  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/host_vars/aur.archlinux.org/misc b/host_vars/aur.archlinux.org/misc
index 16b768900..4cbacf647 100644
--- a/host_vars/aur.archlinux.org/misc
+++ b/host_vars/aur.archlinux.org/misc
@@ -1,4 +1,5 @@
 filesystem: btrfs
 memcached_socket: "/run/memcached/aurweb.sock"
+sshd_enable_includes: true
 wireguard_address: 10.0.0.2
 wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
diff --git a/playbooks/all-hosts-basic.yml b/playbooks/all-hosts-basic.yml
index 62d6c3a50..f40cfdac1 100644
--- a/playbooks/all-hosts-basic.yml
+++ b/playbooks/all-hosts-basic.yml
@@ -5,8 +5,7 @@
     - { role: common }
     - { role: firewalld }
     - { role: wireguard }
-    # reconfiguring sshd may break the AUR on luna (unchecked)
-    # - { role: sshd, tags: ['sshd'] }
+    - { role: sshd }
     - { role: root_ssh }
     - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
     - { role: hardening }
diff --git a/playbooks/aur.archlinux.org.yml b/playbooks/aur.archlinux.org.yml
index bf869676e..b5c60ea11 100644
--- a/playbooks/aur.archlinux.org.yml
+++ b/playbooks/aur.archlinux.org.yml
@@ -3,7 +3,7 @@
   remote_user: root
   roles:
     - { role: common }
-    - { role: sshd, sshd_enable_includes: true }
+    - { role: sshd }
     - { role: root_ssh }
     - { role: prometheus_exporters }
     - { role: promtail }
-- 
GitLab