infra: ssh.py annotate

annotate ssh.py @ 238:a521d08d2b0d

upgrade syncthing

author	drewp@bigasterisk.com
date	Mon, 27 Nov 2023 22:15:10 -0800
parents	ff8879eed64e
children	4e424a144183

rev	line source
12 15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	1 from pyinfra import host
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	2 from pyinfra.facts.server import LinuxDistribution
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	3 from pyinfra.operations import files, systemd
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	4
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	5 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	6
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	7 systemd.service(
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	8 service='ssh',
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	9 running=True,
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	10 enabled=True,
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	11 )
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	12
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	13 files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no")
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	14
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	15 if is_pi:
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	16 auth_keys = '/home/pi/.ssh/authorized_keys'
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	17 files.file(path=auth_keys, user='pi', group='pi', mode=600)
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	18 for pubkey in [
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	19 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus',
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	20 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang',
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	21 ]:
15c5ce7c74b5 refactor, cleanup, split large deploys drewp@bigasterisk.com parents: diff changeset	22 files.line(path=auth_keys, line=pubkey, replace=pubkey)
98 3d4340fbb16c finish moving these lines from system.py drewp@bigasterisk.com parents: 12 diff changeset	23
3d4340fbb16c finish moving these lines from system.py drewp@bigasterisk.com parents: 12 diff changeset	24 if not is_pi:
3d4340fbb16c finish moving these lines from system.py drewp@bigasterisk.com parents: 12 diff changeset	25 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no")
237 ff8879eed64e enable plus drewp@bigasterisk.com parents: 98 diff changeset	26 # MAYBE plus needs this fix: adding ListenAddress 0.0.0.0 to /etc/ssh/sshd_config
98 3d4340fbb16c finish moving these lines from system.py drewp@bigasterisk.com parents: 12 diff changeset	27 systemd.service(service='sshd', reloaded=True)

Mercurial > code > home > repos > infra

annotate ssh.py @ 238:a521d08d2b0d