LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
358 Commits
12 Branches
967 KiB
Tree: b1d583d97c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b1d583d97c'
${ noResults }
lilik_playbook/group_vars/all.yaml.example

37 lines
1.2 KiB
Raw Normal View History

Various LXC fixes.
9 years ago
updated group_vars/all.yaml example file
5 years ago
roles/ssh_server: multi key and OpenSSH v8 support Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in module `ssh_cert` and use a better implementation for multiple user CA. Now we are reading user_ca from `group_vars/all.yaml`. `user_ca_keys` should be list of each allowed User CA on one host (in this way is easier to rotate CAs without reissuing keys to each user at the same time). The production CA must be the first one in the list. Host certificate will be checked only against the first CA and updated if their host key was issued from another CA in the list. For this reason now we are using a template to create `/etc/ssh/user_ca.pub` on the target, to preserve the key order. `group_vars/all.yaml.example` has been updated to reflect the new usage.
5 years ago
group_vars/all.yaml: new example file
5 years ago
updated group_vars/all.yaml example file
5 years ago
group_vars/all.yaml: new example file
5 years ago
updated group_vars/all.yaml example file
5 years ago
group_vars/all.yaml: new example file
5 years ago
 
  1. ---
  2. # Put here the public ip for your organisation
  3. public_ip: 0.0.0.0
  4. # Put here the domain for your organisation
  5. domain: "example.com"
  6. # Put here an email address to receive Let's Encrypt communications.
  7. letsencrypt_email: 'admin@example.com'
  8. 

  9. # Put the TLS X.509 Subject Prefix (before OU=)
  10. x509_subject_prefix: '/C=IT/L=Firenze/O=Example'
  11. # Here the same in LDAP (and reversed) format
  12. x509_ldap_suffix: 'o=Example,l=Firenze,c=it'
  13. 

  14. # Put here the public key of the user CAs.
  15. # The first one will be used also to check if host certificate are
  16. # updated.
  17. user_ca_keys:
  18.   - "ssh-ed25519 AAAA(...) Active Production key"
  19.   - "ssh-ed25519 AAAA(...) Older not-expired key"
  20. #  - "ssh-ed25519 AAAA(...) Revoked key"
  21. 

  22. # Put TLS Certificate of your Root Certification Authority
  23. tls_root_ca: |
  24.   -----BEGIN CERTIFICATE-----
  25.   #########################
  26.   -----END CERTIFICATE-----
  27. # Put TLS Certificate for OpenVPN Server Intermediate CA
  28. tls_vpn_user_ca: |
  29.   -----BEGIN CERTIFICATE-----
  30.   #########################
  31.   -----END CERTIFICATE-----
  32. # Put TLS Certificate for OpenVPN Users Intermediate CA
  33. tls_vpn_server_ca: |
  34.   -----BEGIN CERTIFICATE-----
  35.   ##########################
  36.   -----END CERTIFICATE-----
  37.