projects
/
noc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
ansible/base: Workaround [NFLX-2019-001] (CVE-2019-1147{7,8,9})
[noc.git]
/
ansible
/
host_vars
/
torwaechter
/
main.yml
diff --git
a/ansible/host_vars/torwaechter/main.yml
b/ansible/host_vars/torwaechter/main.yml
index
2a2316f
..
43ca535
100644
(file)
--- a/
ansible/host_vars/torwaechter/main.yml
+++ b/
ansible/host_vars/torwaechter/main.yml
@@
-1,4
+1,6
@@
---
---
+ssh_users_tuergit: "{{ user_groups.noc | union(['fgenesis']) }}"
+
openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
@@
-31,11
+33,11
@@
openwrt_mixin:
/usr/local/bin/authorized_keys.sh:
mode: '0755'
/usr/local/bin/authorized_keys.sh:
mode: '0755'
- file: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/authorized_keys.sh"
+ file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"
/usr/local/bin/update-keys-from-stdin.sh:
mode: '0755'
/usr/local/bin/update-keys-from-stdin.sh:
mode: '0755'
- file: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
+ file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
/etc/ssh/sshd_config:
content: |
/etc/ssh/sshd_config:
content: |
@@
-58,16
+60,10
@@
openwrt_mixin:
AuthorizedKeysCommandUser tuergit
/etc/ssh/authorized_keys.d/root:
AuthorizedKeysCommandUser tuergit
/etc/ssh/authorized_keys.d/root:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
+ content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"
/etc/ssh/authorized_keys.d/tuergit:
/etc/ssh/authorized_keys.d/tuergit:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
+ content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"
openwrt_uci:
system:
openwrt_uci:
system: