SSH: Add global known hosts
This commit is contained in:
Jannik Beyerstedt
parent
7c1d978654
commit
03c99a7b8c
6 changed files with 53 additions and 10 deletions
|
|
@ -8,7 +8,7 @@ This role is compatible with Debian based systems, macOS, CentOS (no development
|
||||||
Requirements
|
Requirements
|
||||||
------------
|
------------
|
||||||
|
|
||||||
Have a user set up on the machine, to which you can connecto via a ssh key.
|
Have a user set up on the machine, to which you can connect to via a ssh key.
|
||||||
This user must also have sudo right without asking for a password!
|
This user must also have sudo right without asking for a password!
|
||||||
(e.g. using `%sudo ALL=(ALL) NOPASSWD:ALL` when editing the sudoers file with `sudo visudo`)
|
(e.g. using `%sudo ALL=(ALL) NOPASSWD:ALL` when editing the sudoers file with `sudo visudo`)
|
||||||
|
|
||||||
|
|
@ -31,6 +31,9 @@ The User Setup will change the user shell and global gitconfig. This can be disa
|
||||||
- `usersetup_virtualenvwrapper`: Boolean to enable the virtualenvwrapper plugin in oh-my-zsh (default: false)
|
- `usersetup_virtualenvwrapper`: Boolean to enable the virtualenvwrapper plugin in oh-my-zsh (default: false)
|
||||||
- `usersetup_vimplugins`: Boolean to enable installing my VIM plugins (default: true)
|
- `usersetup_vimplugins`: Boolean to enable installing my VIM plugins (default: true)
|
||||||
|
|
||||||
|
The SSH Setup will add some global known host keys.
|
||||||
|
Additional keys can be specified by providing a list in `ssh_known_hosts`.
|
||||||
|
|
||||||
The development environment for different programming languages can be setup automatically.
|
The development environment for different programming languages can be setup automatically.
|
||||||
To enable, that Visual Studio Code will be installed and configured, set `user_vscode` to true, otherwise only the bare development toolchain will be installed.
|
To enable, that Visual Studio Code will be installed and configured, set `user_vscode` to true, otherwise only the bare development toolchain will be installed.
|
||||||
For a GUI/ Desktop machine, you can enable to install and configure VS Code:
|
For a GUI/ Desktop machine, you can enable to install and configure VS Code:
|
||||||
|
|
|
||||||
|
|
@ -26,3 +26,7 @@
|
||||||
# run this for every maintenance/ update cycle
|
# run this for every maintenance/ update cycle
|
||||||
- name: Apply user settings
|
- name: Apply user settings
|
||||||
ansible.builtin.import_tasks: usersettings.yml
|
ansible.builtin.import_tasks: usersettings.yml
|
||||||
|
|
||||||
|
# run this for every maintenance/ update cycle
|
||||||
|
- name: Apply SSH client settings
|
||||||
|
ansible.builtin.import_tasks: sshsettings.yml
|
||||||
|
|
|
||||||
23
tasks/sshsettings.yml
Normal file
23
tasks/sshsettings.yml
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
---
|
||||||
|
# Common/SSH Setting: Universal SSH client settings
|
||||||
|
|
||||||
|
- name: Sshsettings - Add global config
|
||||||
|
become: true
|
||||||
|
tags: common_ssh
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /etc/ssh/ssh_config.d/global-known-hosts
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
content: |
|
||||||
|
Host *
|
||||||
|
GlobalKnownHostsFile {{ ssh_client_global_known_hosts_file }}
|
||||||
|
VerifyHostKeyDNS yes
|
||||||
|
|
||||||
|
- name: Sshsettings - Add global known_hosts
|
||||||
|
become: true
|
||||||
|
tags: common_ssh
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "{{ role_path }}/templates/ssh_known_hosts.j2"
|
||||||
|
dest: "{{ ssh_client_global_known_hosts_file }}"
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# Common/Usersettings: Universial Dotfiles. Update regularly.
|
# Common/Usersettings: Universal Dotfiles. Update regularly.
|
||||||
|
|
||||||
- name: Usersettings - Install required tools
|
- name: Usersettings - Install required tools
|
||||||
become: "{{ ansible_facts['os_family'] != 'Darwin' }}"
|
become: "{{ ansible_facts['os_family'] != 'Darwin' }}"
|
||||||
|
|
@ -75,10 +75,7 @@
|
||||||
src: "{{ role_path }}/files/_gitignore_global",
|
src: "{{ role_path }}/files/_gitignore_global",
|
||||||
dest: "{{ ansible_facts['user_dir'] }}/.gitignore_global",
|
dest: "{{ ansible_facts['user_dir'] }}/.gitignore_global",
|
||||||
}
|
}
|
||||||
- {
|
- { src: "{{ role_path }}/files/_config/mpv.conf", dest: "{{ ansible_facts['user_dir'] }}/.config/mpv/" }
|
||||||
src: "{{ role_path }}/files/_config/mpv.conf",
|
|
||||||
dest: "{{ ansible_facts['user_dir'] }}/.config/mpv/",
|
|
||||||
}
|
|
||||||
- {
|
- {
|
||||||
src: "{{ role_path }}/files/_oh-my-zsh/jtbx.zsh-theme",
|
src: "{{ role_path }}/files/_oh-my-zsh/jtbx.zsh-theme",
|
||||||
dest: "{{ ansible_facts['user_dir'] }}/.oh-my-zsh/custom/themes/jtbx.zsh-theme",
|
dest: "{{ ansible_facts['user_dir'] }}/.oh-my-zsh/custom/themes/jtbx.zsh-theme",
|
||||||
|
|
@ -148,10 +145,7 @@
|
||||||
repo: "https://github.com/itchyny/lightline.vim",
|
repo: "https://github.com/itchyny/lightline.vim",
|
||||||
dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/lightline",
|
dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/lightline",
|
||||||
}
|
}
|
||||||
- {
|
- { repo: "https://github.com/w0rp/ale", dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/ale" }
|
||||||
repo: "https://github.com/w0rp/ale",
|
|
||||||
dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/ale",
|
|
||||||
}
|
|
||||||
- {
|
- {
|
||||||
repo: "https://github.com/airblade/vim-gitgutter",
|
repo: "https://github.com/airblade/vim-gitgutter",
|
||||||
dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/vim-gitgutter",
|
dest: "{{ ansible_facts['user_dir'] }}/.vim/bundle/vim-gitgutter",
|
||||||
|
|
|
||||||
17
templates/ssh_known_hosts.j2
Normal file
17
templates/ssh_known_hosts.j2
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
||||||
|
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||||
|
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||||
|
hetzner-01.h.jtbx.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6cTbO4lpXINQyS/txsNvlEfOBM1OJNA5juhYjNQi3H
|
||||||
|
hetzner-01.h.jtbx.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+iulBjErw8LDQOUir5oz254EriG8bKmsSQ3hVcByNdMVkMqPKsd5fpBdoOYMsuhA+MnTPQppHCBxXUtNVE/Bg=
|
||||||
|
hetzner-01.h.jtbx.de ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbHQL9/R+rlP10jC6UZkWNr1qL+h+XiYiptkSxMXQm+LV6TEu1OH91opNjrGTlTPeQVt6Y10MPWUIhxJ4oNkHH31JsXnxwDKiFDW/TIOCBFcqafWWbszaxVUFavfiaUbqq+YMSJoBWLitW2pXd8g95bY1EyTT1if1fd2E+a8k9KQ/i0aSnpZGOL8rpvLw+0kULFu0iMBrhBf0YVfNA1zO59c2C3nyTGnGuJAeiPV7j6buhRxLl+u+LhjEC+RG6/zWFPdT0Wui3giAPzhlEoKrdPqmqGBEcLXer3x01mY902zlgOOQM3+kzh9MBQvYO0gGa+DvaSz/Pr12cF2/fvrbn
|
||||||
|
[git.beyerstedt.de]:4022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcj7LCgH81ZHyXzzQAMx35EQbOyw4NIB313l+/axbHK
|
||||||
|
[git.beyerstedt.de]:4022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGSVuwt4ZTrLQ5JEUOJTnN5VJwICxOSs3pxRXJDowp+dEIfdGo/1+4fVtE6pD+nf4gWGSSBXluygJRUIhudrBnk=
|
||||||
|
[git.beyerstedt.de]:4022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcZbbh2s20jh2pR8bp0G1Eb9Dv0EKnalNcrDtT3OoZIyxqQxq29sF1A5KASHwrvohU+uBTdPoBJU4JLho5Az8nukZ7HABd4Z3vTTBTPo1nzisX7cbt08TOa3BhsTLrta+8ShZcoamyQ0G+yy466lf3M0PWzHxOU1lbvGOFgt4s5haBB08Mycpa3EbqmrrhIJCkApAZmzTkY/OVnYpeSa8P//LbpvROZQAAT4Q0sjLbHgj1FvXg8meKIhe65eoAp+AVeuZXIiuBSmFh6d2h8bmu9xS6fTJnmidTD3SPupYe/mJRLkm/TA9nRcDsxrvfd9P5gwwe7ySRpg+Qe+sx000F
|
||||||
|
kvm-nuc.fritz.box ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGt/VAAC70WFV6GMXf0vsMANvfLH5JxJnvV8rESs6QP
|
||||||
|
kvm-nuc.fritz.box ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYrkG2v8MitGH0yEGxzHhPP64kB9b5fbZn7S9UiUpVmMRCJ6bH1kq9FsJhnTvikjJjZMy1ysF1VqMwbbnzS4vw=
|
||||||
|
kvm-nuc.fritz.box ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCYZh31MzprFBtSJEZ7yT0GLcsY1ugCya/1BPZVtKBuzJClvbenr1W+3JCIVCJ4QELwzNbFNmkD5GiqhvXM0mcYfLmkthXMnUG4ZFAGg4LayDsfsZAMsS1nSVjOi3H/lz1aB6JdZ+2OCcyxnpDnGdBak/DxPTiHZj7UJ9abddhX8kqR77Atwr4d2yYwLL5/Emil4+/HVCv/wQqwvyna9s+LNU0r0rLN3rlenOyb7HVEbPGdiCGTpOhA6mZRf0tqbmBFKe4c2ddd4HGpB8lvaNZbrUTLlgHmf1ta72b+uCfWpnmgoLrM8WjFiHynYuIc+CXDlvc72BEMsI23OusrXoi+z/DhgYXNjOJRvzadb1TZ2tC+e0MXYAhDxJ8pE9ZE2hSSOytdirUhyTQtJ3S7fv8Ktjrtq5vn9LRwFaKScDJWCpX4CMZ/fl7T377FyR/sNYXy7O5AT/DQCnUEX2ekd++aeXA0GxzAQlSS2lZk9lilqOSw6UDYglSWxORerkC2QUc=
|
||||||
|
{% if ssh_known_hosts is defined %}
|
||||||
|
{% for item in ssh_known_hosts %}
|
||||||
|
{{ item }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
2
vars/main.yml
Normal file
2
vars/main.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
ssh_client_global_known_hosts_file: /etc/ssh/ssh_known_hosts
|
||||||
Loading…
Add table
Add a link
Reference in a new issue