Georg Pfuetzenreuter
ba6522ce5b
- move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
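{#-
  Pillar data for the SSH daemon (sshd_config) and the firewalld zone that
  admits it. Header notes are Jinja comments with whitespace control, so the
  rendered YAML still starts at the first key.

  NOTE(review): the disabled import below points at an absolute path under
  /tmp. It has no effect while commented out; prefer deleting it over
  re-enabling it, because template source in a shared temporary directory
  should not feed pillar rendering.
-#}
{%- from slspath ~ '/../map.jinja' import listeners -%}
{#-
{%- from '/tmp/salt-libertacasa/pillar/global/macros.jinja' import listeners with context -%}
#}
{%- set host = grains['host'] -%}

sshd_config:
  ConfigBanner: |
    ### This file is managed via https://git.com.de/LibertaCasa/salt
    ### Manual changes will be overwritten
  # Listen addresses come from the listeners macro in map.jinja; the indent
  # filter re-indents continuation lines when the macro returns several lines.
  ListenAddress: {{ listeners() | indent }}
  # NOTE(review): current OpenSSH only speaks protocol 2 and treats this
  # keyword as deprecated; presumably kept for older targets - confirm.
  Protocol: 2
  SyslogFacility: AUTH
  # NOTE(review): at FATAL, sshd does not record accepted or failed logins
  # (those are emitted at INFO, certificate details at VERBOSE). If this is
  # not a deliberate data-minimisation choice, raise it so authentication
  # events are available for detection and incident response.
  LogLevel: FATAL
  # Host authentication is certificate-only: the key and certificate files
  # are named after the minion's host grain.
  HostKey:
    - /etc/ssh/{{ host }}
  HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com
  HostCertificate: /etc/ssh/{{ host }}-cert.pub
  # User logins are accepted for certificates signed by this CA.
  # NOTE(review): no RevokedKeys is set in this file; unless it is set
  # elsewhere, a leaked user certificate stays usable until it expires.
  TrustedUserCAKeys: /etc/ssh/user_ca
  PasswordAuthentication: 'no'
  LoginGraceTime: 1m
  PermitRootLogin: 'no'
  StrictModes: 'yes'
  # A single failed attempt ends the connection, so clients must offer the
  # right certificate first.
  MaxAuthTries: 1
  MaxSessions: 3
  # NOTE(review): with PAM enabled, keyboard-interactive authentication can
  # still prompt for a password even though PasswordAuthentication is off.
  # It is not set in this file - confirm it is disabled elsewhere.
  UsePAM: 'yes'
  X11Forwarding: 'no'
  PrintMotd: 'yes'
  PrintLastLog: 'yes'
  Subsystem: sftp /usr/lib/ssh/sftp-server
  Banner: /etc/ssh/banner

# As far as this file shows, SSH is admitted in the internal zone only.
firewalld:
  zones:
    internal:
      services:
        - ssh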