- tcpdump
openwrt_packages_extra:
- "-dropbear"
- - openssh-server
- git
+ - kmod-usb-acm
+ - openssh-server
+ - openssh-sftp-server
+ - screen
+ - sudo
+ - usbutils
openwrt_mixin:
# Go binaries
mode: '0755'
file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
+ /usr/local/bin/update-keys-from-stdin.sh:
+ mode: '0755'
+ file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
+
/etc/ssh/sshd_config:
- content: |-
+ content: |
Port 22000
AllowUsers root tuerctl tuergit
X11Forwarding no
UsePrivilegeSeparation sandbox
+ Subsystem sftp /usr/libexec/sftp-server
+
Match User tuerctl
AuthorizedKeysFile /dev/null
AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
AuthorizedKeysCommandUser tuergit
-
+
/etc/ssh/authorized_keys.d/root:
content: |-
{{ key }}
{% endfor %}
+ /etc/ssh/authorized_keys.d/tuergit:
+ content: |-
+ {% for key in noc_ssh_keys %}
+ {{ key }}
+ {% endfor %}
+
openwrt_uci:
+ system:
+ - name: system
+ options:
+ hostname: '{{ inventory_hostname }}'
+ timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ttylogin: '0'
+ log_size: '64'
+ urandom_seed: '0'
+
+ - name: timeserver 'ntp'
+ options:
+ enabled: '1'
+ enable_server: '0'
+ server:
+ - '0.lede.pool.ntp.org'
+ - '1.lede.pool.ntp.org'
+ - '2.lede.pool.ntp.org'
+ - '3.lede.pool.ntp.org'
+
network:
- name: globals 'globals'
options:
openwrt_users:
tuerd: {}
tuergit:
- home: /var/tuer
+ home: /home/tuergit
shell: /usr/bin/git-shell
tuerctl:
shell: /bin/false # TODO fixme