lilik_playbook

967 KiB

Tree: 6a8ed9911d

Author	SHA1	Message	Date
Zolfa	fafcb7151f	fixup! Give Variable a Scope Refactoring	5 years ago
Zolfa	f47d64ba7e	updated group_vars/all.yaml example file	5 years ago
Zolfa	e007dc0c22	group_vars/all.yaml: new example file	5 years ago
Zolfa	1ca9f816d8	roles/ssh_server: multi key and OpenSSH v8 support Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in module `ssh_cert` and use a better implementation for multiple user CA. Now we are reading user_ca from `group_vars/all.yaml`. `user_ca_keys` should be list of each allowed User CA on one host (in this way is easier to rotate CAs without reissuing keys to each user at the same time). The production CA must be the first one in the list. Host certificate will be checked only against the first CA and updated if their host key was issued from another CA in the list. For this reason now we are using a template to create `/etc/ssh/user_ca.pub` on the target, to preserve the key order. `group_vars/all.yaml.example` has been updated to reflect the new usage.	5 years ago
Edoardo Putti	2c6f0539ee	add gateway for different vlan to group_vars	7 years ago
Edoardo Putti	939c23183a	add domain to group_vars and use it in reverse proxy templates	8 years ago
Edoardo Putti	29aba60483	set ip to bind in reverse proxy http configuration Because we are using openwrt and we would like to mantain LUCI running on it's interface we can't bind on 0.0.0.0. or 127.0.0.1 hence we must listen on a specific ip. This will set the public ip from the group vars to be the one where we listen	8 years ago
Slash	7017a8deeb	Various LXC fixes.	9 years ago
kaos	f406f04b72	improved lxc_host	9 years ago

9 Commits (6a8ed9911de53b89772cec110d0a0b4cc37b2725)