LibertaCasa/salt
LibertaCasa/salt
9
1
Fork 0
Code Issues 5 Pull Requests Releases Activity

Compare commits

base: LibertaCasa:b7ec9e683fd299b088d59c84e669eccd372aa7f3
Branches Tags
LibertaCasa:production
LibertaCasa:change_bridges
LibertaCasa:fix/matterb-trashtgirclinks
LibertaCasa:add/matterbridge-chillnet-tgchan
LibertaCasa:mta-optional
LibertaCasa:orpheus
LibertaCasa:privatebin
LibertaCasa:bookstack
LibertaCasa:nsd
LibertaCasa:import-denc-webcluster
LibertaCasa:fix/pillar_boolquotes
..
compare: LibertaCasa:f949c0aba0bd9863474a35e1613eb23554acc449
Branches Tags
LibertaCasa:production
LibertaCasa:change_bridges
LibertaCasa:fix/matterb-trashtgirclinks
LibertaCasa:add/matterbridge-chillnet-tgchan
LibertaCasa:mta-optional
LibertaCasa:orpheus
LibertaCasa:privatebin
LibertaCasa:bookstack
LibertaCasa:nsd
LibertaCasa:import-denc-webcluster
LibertaCasa:fix/pillar_boolquotes

No commits in common. "b7ec9e683fd299b088d59c84e669eccd372aa7f3" and "f949c0aba0bd9863474a35e1613eb23554acc449" have entirely different histories.
b7ec9e683f ... f949c0aba0

6 changed files with 1 additions and 63 deletions
Show Stats Expand all files Collapse all files

1
pillar/formulas.yaml
View File

@ -1,4 +1,3 @@
- postfix - postfix
- salt - salt
- users - users
- openssh

1
pillar/global/init.sls
View File

@ -2,7 +2,6 @@ include:
- role.salt.common - role.salt.common
- role.salt.minion - role.salt.minion
- .mta - .mta
- .ssh
managed_header_pound: | managed_header_pound: |
### This file is managed via https://git.com.de/LibertaCasa/salt ### This file is managed via https://git.com.de/LibertaCasa/salt

17
pillar/global/macros.jinja
View File

@ -1,17 +0,0 @@
{%- macro listeners() -%}
{%- set listen_ips = [] -%}
{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}
{%- for ip in salt['network.ip_addrs']() -%}
{%- if salt['network.is_private'](ip) -%}
{%- do listen_ips.append(ip) -%}
{%- endif -%}
{%- endfor -%}
{%- for ip in salt['network.ip_addrs6']() -%}
{%- if ip.startswith(legal6s) -%}
{%- do listen_ips.append(ip) -%}
{%- endif -%}
{%- endfor -%}
{%- for ip in listen_ips %}
- {{ ip }}
{%- endfor %}
{%- endmacro -%}

31
pillar/global/ssh.sls
View File

@ -1,31 +0,0 @@
{%- from slspath ~ '/../global/macros.jinja' import listeners -%}
{#-
{%- from '/tmp/salt-libertacasa/pillar/global/macros.jinja' import listeners with context -%}
#}
{%- set host = grains['host'] -%}
sshd_config:
ConfigBanner: |
### This file is managed via https://git.com.de/LibertaCasa/salt
### Manual changes will be overwritten
ListenAddress: {{ listeners() | indent }}
Protocol: 2
SyslogFacility: AUTH
LogLevel: FATAL
HostKey:
- /etc/ssh/{{ host }}
HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com
HostCertificate: /etc/ssh/{{ host }}-cert.pub
TrustedUserCAKeys: /etc/ssh/user_ca
PasswordAuthentication: 'no'
LoginGraceTime: 1m
PermitRootLogin: 'no'
StrictModes: 'yes'
MaxAuthTries: 1
MaxSessions: 3
UsePAM: 'yes'
X11Forwarding: 'no'
PrintMotd: 'yes'
PrintLastLog: 'yes'
Subsystem: sftp /usr/lib/ssh/sftp-server

12
salt/common/ssh.sls
View File

@ -1,12 +0,0 @@
include:
- openssh.banner
- openssh.config
/etc/ssh/user_ca:
file.managed:
- contents:
{%- for key in salt['pillar.get']('secret_ssh:userca_keys') -%}
- {{ key }}
{%- endfor -%}
- require:
- pkg: openssh

2
salt/common/suse.sls
View File

@ -3,7 +3,7 @@ include:
- profile.zypp - profile.zypp
- profile.node_exporter - profile.node_exporter
- users - users
- .ssh - postfix
- postfix.config - postfix.config
{#- to-do: move this to some formula or macro -#} {#- to-do: move this to some formula or macro -#}