dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
817 Commits 14 Branches 0 Tags
f83cea50e9cfb723a3b9e6f5a9b7e389b1242305
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch f83cea50e9 r/ssu-user-ca: Configure sshd TrustedUserCAKeys 
The `TrustedUserCAKeys` setting for *sshd(8)* tells the server to accept
any certificates signed by keys listed in the specified file.
The authenticating username has to match one of the principals listed in
the certificate, of course.

This role is applied to all machines, via the `base.yml` playbook.
Certificates issued by the user CA managed by SSHCA will therefore be
trusted everywhere.  This brings us one step closer to eliminating the
dependency on Active Directory/Samba.
2024-02-01 18:46:40 -06:00
.certs @ 13f97e4fa1
websites: dustin.hatch.name: Deploy new site
2022-04-23 15:30:40 -05:00
certs
hosts: Decommission dc-4k6s8e.p.b
2023-10-28 16:07:56 -05:00
ci
ci: Add Jenkins pipeline for UniFi controller
2024-01-21 16:12:29 -06:00
group_vars
r/ssu-user-ca: Configure sshd TrustedUserCAKeys
2024-02-01 18:46:40 -06:00
host_vars
gw1: Enable pam_ssh_agent_auth for sudo
2024-01-28 12:16:35 -06:00
passwords/kojiweb_secret
hosts: Add koji0.pyrocufflink.blue
2018-08-12 10:27:20 -05:00
roles
r/ssu-user-ca: Configure sshd TrustedUserCAKeys
2024-02-01 18:46:40 -06:00
vars
ci: Remove extraneous copy of ssh_known_hosts
2024-01-28 12:18:55 -06:00
vault
hosts: gw1: Deploy BURP, collectd
2024-01-19 20:52:48 -06:00
.gitignore
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
.gitmodules
certs: Add certificates submodule
2020-02-22 16:28:06 -06:00
.vault-secret.sh
vault-secret: Get key from Bitwarden
2023-04-23 20:05:00 -05:00
alertmanager.yml
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible.cfg
ansible.cfg: Disable stupid group name warning
2019-09-19 19:50:35 -05:00
ansible.yml
ansible: Install Ansible
2018-04-08 12:20:03 -05:00
aria2.yml
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
base.yml
r/ssu-user-ca: Configure sshd TrustedUserCAKeys
2024-02-01 18:46:40 -06:00
bitwarden_rs.yml
bitwarden_rs: Deploy Bitwarden_rs using Docker
2019-09-19 19:27:29 -05:00
blackbox-exporter.yml
r/blackbox-exporter: Deploy blackbox_exporter
2022-08-10 22:18:53 -05:00
burp-client.yml
burp-client: Switch from cron to systemd timer
2023-05-23 09:51:07 -05:00
burp-server.yml
burp-{client,server}: PBs to deploy BURP
2018-08-08 20:14:25 -05:00
certbot.yml
certbot: Playbook to deploy certbot
2018-06-13 22:23:27 -05:00
collectd.yml
collect: Import dyngroups.yml playbook
2022-12-19 10:20:57 -06:00
dch-gw.yml
dch-gw: Initial commit
2018-03-27 20:44:43 -05:00
dch-proxy.yml
dch-proxy: PB to deploy HAProxy
2018-07-01 15:19:20 -05:00
dch-root-ca.crt
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
dch-vpn.yml
Move VPN server to dedicated VM
2018-10-07 21:42:18 -05:00
dhcpcd.yml
dhcpcd: Install and configure dhcpcd
2018-03-13 23:19:50 -05:00
dhcpd.yml
dhcpd: Install and configure ISC DHCPD
2018-03-27 20:44:43 -05:00
docker.yml
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
domain-controller.yml
domain-controller: Configure local AD authentication
2018-03-11 18:16:17 -05:00
dyngroups.yml
dyngroups: Always run all tasks
2024-01-09 18:18:34 -06:00
facts.yml
facts: Do not collect facts in first play
2023-10-27 17:40:50 -05:00
fileserver.yml
fileserver: Configure Apache ~user directories
2019-01-04 20:52:23 -06:00
firewalld.yml
firewalld: Playbook to bootstrap firewalld
2018-01-29 15:11:07 -06:00
frigate.yml
r/frigate: Add role to deploy Frigate
2021-08-21 17:16:58 -05:00
gitea.yml
r/gitea: use sshd_config.d
2023-11-13 17:45:21 -06:00
grafana.yml
grafana: Redirect HTTP to HTTPS
2022-08-10 21:55:54 -05:00
graylog.yml
graylog: Add PB to deploy Graylog server
2019-10-28 18:47:09 -05:00
hassdb.yml
hassdb: Fix playbook
2020-08-29 14:22:17 -05:00
homeassistant.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
hostname.yml
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
hosts
hosts: Decommission serial0.p.b
2024-01-25 20:22:00 -06:00
hosts.gw
hosts: Deploy Squid on gw1
2024-01-27 20:09:34 -06:00
hosts.offline
nut-monitor: Configure upsmon
2024-01-19 20:50:03 -06:00
jellyfin.yml
jellyfin: Deploy Jellyfin media server
2023-09-12 13:38:35 -05:00
jenkins-slave.yml
jenkins-slave: Apply ssh-hostkeys role
2018-04-08 12:32:02 -05:00
journal2ntfy.yml
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
koji-builder.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-hub.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji-web.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
koji.yml
koji: Add playbooks for Koji
2018-08-12 10:14:25 -05:00
kube-root-ca.crt
metrics: Scrape metrics from Kubernetes API server
2023-05-22 21:21:08 -05:00
metricspi.yml
metricspi: Apply victoria-metrics-nginx role
2022-08-12 13:14:41 -05:00
minio.yml
minio: Install and configure MinIO
2023-05-09 21:37:46 -05:00
motioneye.yml
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named-server.yml
named-server: Playbook to deploy BIND
2018-01-29 15:10:04 -06:00
net-ifaces.yml
net-ifaces: PB to apply net-ifaces role
2018-07-23 17:35:10 -05:00
network.yml
network: Playbook to configure networking
2018-03-27 20:44:43 -05:00
nextcloud.yml
roles/cert: Add handler topic notification
2020-12-26 10:38:17 -06:00
ntp.yml
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut.yml
nut-monitor: Configure upsmon
2024-01-19 20:50:03 -06:00
postgresql.yml
postgresql: PB to deploy PostgreSQL server
2018-04-14 15:28:46 -05:00
protonvpn.yml
pyrocufflink-dns: Cloudflare over ProtonVPN
2020-09-06 11:06:58 -05:00
pxe.yml
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
pyrocufflink.yml
pyrocufflink: Trust DCH Root CA
2018-06-04 20:03:55 -05:00
radius.yml
radius: PB to configure RADIUS servers
2018-05-06 13:09:18 -05:00
radvd.yml
radvd: Install and configure radvd
2018-03-27 20:44:43 -05:00
remount.yml
remount: Do not remount SquashFS volumes
2022-08-12 13:40:06 -05:00
repohost.yml
r/repohost: Configure Yum package repo host
2023-11-07 20:51:10 -06:00
rngd.yml
rngd: PB to set up rngd
2018-08-13 20:25:22 -05:00
samba-dc.yml
samba-dc: Do not apply sudo role
2023-10-27 17:57:20 -05:00
smtp-relay.yml
smtp-relay: PB to deploy Postfix SMTP relay
2018-04-15 11:38:51 -05:00
squid.yml
squid: Add role and PB to deploy Squid
2018-08-12 16:00:32 -05:00
synapse.yml
roles/synapse: Add cert role dependency
2021-01-31 15:38:18 -06:00
systemd-networkd.yml
r/systemd-networkd: Role to configure networkd
2021-10-10 16:09:15 -05:00
systemd-resolved.yml
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga.yml
taiga: Add playbook for Taiga
2019-09-19 19:51:45 -05:00
unifi.yml
unifi: Deploy Unifi Network controller
2023-07-07 10:05:01 -05:00
victoria-metrics.yml
r/vmalert: Deploy vmalert
2022-08-11 21:40:19 -05:00
vmhost.yml
r/vmhost: mount shared filesystems
2021-10-10 16:09:15 -05:00
websites.yml
websites: Add hatchlearningcenter.org
2022-11-30 22:04:29 -06:00
wheelhost.yml
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
zabbix-agent.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix-server.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zabbix.yml
zabbix: Playbooks for Zabbix server, agents
2018-04-14 15:31:17 -05:00
zezere.yml
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
zwavejs2mqtt.yml
homeassistant: Split out Zigbee/Zwave playbooks
2021-12-18 16:45:52 -06:00
Description
Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
7.7 MiB
Languages
Jinja 86.2%
Python 6.6%
Shell 4.6%
Groovy 2.6%