author | Romain Gonçalves <me@rgoncalves.se> | 2021-12-30 15:39:08 +0000 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2021-12-30 15:50:40 +0000 |
commit | 6b106cce38106e7beb9db623a9d98784cb8bbc86 (patch) | |
tree | a7ec7381526c44dd778ab3a911e55b654c1746eb | |
parent | d39f2e2ac88b107014c373b380eb76adae0f91ee (diff) | |
download | rules-6b106cce38106e7beb9db623a9d98784cb8bbc86.tar.gz |
ansible_port: Add ssh port switch to network roles
-rw-r--r-- | host_vars/dc0.yml | 2 | ||||
-rw-r--r-- | roles/pf/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/pf/templates/pf.conf.j2 | 2 | ||||
-rw-r--r-- | roles/sshd/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/sshd/templates/sshd_config.j2 | 3 | ||||
-rw-r--r-- | roles/workstation/templates/ssh.config.j2 | 6 |
6 files changed, 14 insertions, 3 deletions
diff --git a/host_vars/dc0.yml b/host_vars/dc0.yml
index 6bc7c96..970778f 100644
--- a/host_vars/dc0.yml
+++ b/host_vars/dc0.yml
@@ -1,5 +1,7 @@
 httpd_use_nfs: false
+ansible_port: 71
+
 __is_vm: true
 __ip:
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml
index 3924a89..e5b8af8 100644
--- a/roles/pf/tasks/main.yml
+++ b/roles/pf/tasks/main.yml
@@ -12,6 +12,6 @@
 - name: test ssh connection on new pf rule
   wait_for:
-    port: 22
+    port: "{{ ansible_port }}"
     delay: 2
     state: started
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2
index 6bc936a..1b51fe7 100644
--- a/roles/pf/templates/pf.conf.j2
+++ b/roles/pf/templates/pf.conf.j2
@@ -8,7 +8,7 @@ set skip on { lo wg0 }
 block all
 # force ssh if not present below
-pass in quick on egress proto tcp to port 22
+pass in quick on egress proto tcp to port {{ ansible_port }}
 # host services
 {% for service in __services %}
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 54ef9c2..f1af386 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -17,6 +17,6 @@
 - name: check ssh connection
   wait_for:
-    port: 22
+    port: "{{ ansible_port }}"
     delay: 1
     state: started
diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2
index 534ea39..f40e160 100644
--- a/roles/sshd/templates/sshd_config.j2
+++ b/roles/sshd/templates/sshd_config.j2
@@ -1,5 +1,8 @@
 # managed by Ansible
+# network
+Port {{ ansible_port }}
+
 # security
 PermitRootLogin yes
 MaxAuthTries 6
diff --git a/roles/workstation/templates/ssh.config.j2 b/roles/workstation/templates/ssh.config.j2
index 2915a1a..2a3a903 100644
--- a/roles/workstation/templates/ssh.config.j2
+++ b/roles/workstation/templates/ssh.config.j2
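Review bot: `ansible_port: 71` in host_vars also changes the port Ansible itself uses to reach dc0, so the first run after this commit presumably cannot connect until the sshd and pf roles have moved the host off 22 — that run has to override the new value (`-e ansible_port=22`) or go through a bootstrap task that probes both ports. Nothing in the diff records that ordering, and it is easy to forget when the next host gets the variable. A comment on the new line would carry it: `# ansible_port: sshd listens here (roles/sshd, roles/pf); after changing it, run once connecting on the old port`. The `wait_for` checks in the pf and sshd roles appear to probe the managed host locally, so they would not catch an unreachable control-path port.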
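Review bot: `port: "{{ ansible_port }}"` is rendered unconditionally, but `ansible_port` is not defined unless the inventory or a host_vars file sets it, and in this commit only dc0 does — on every other host the task now fails with an undefined-variable error instead of checking port 22 as before. The same bare reference is introduced in roles/pf/templates/pf.conf.j2, roles/sshd/tasks/main.yml and roles/sshd/templates/sshd_config.j2, while the workstation template already guards with `is defined`. A fallback keeps the previous behaviour for hosts that have not moved: `port: "{{ ansible_port | default(22) }}"` here and in the sshd task, and likewise `to port {{ ansible_port | default(22) }}` and `Port {{ ansible_port | default(22) }}` in the two templates.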
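Review bot: the only rule that passes ssh inbound now names `{{ ansible_port }}` and no longer 22, so if this role is applied before the sshd role has moved the daemon to the new port (role order is not visible here), the reloaded ruleset admits a port nothing listens on and the next session is blocked by pf. The `wait_for` task in roles/pf/tasks/main.yml would fail at that point, but the ruleset is already loaded. Making the pf role run only after sshd has converged avoids the window; if a transition period is unavoidable, a temporary list `pass in quick on egress proto tcp to port { 22 {{ ansible_port }} }` keeps the old port until the move is confirmed and should be reverted afterwards. The comment `# force ssh if not present below` could also note that this port must match the Port directive rendered by roles/sshd.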
@@ -5,7 +5,13 @@ {% set command = "pgrep wg && ! ping -c 1 -w 1 %s" % h.__ip.external %}
 Match originalHost {{ h.inventory_hostname }} exec "{{ command }}"
   HostName {{ h.__ip.internal }}
+{% if h.ansible_port is defined %}
+  Port {{ h.ansible_port }}
+{% endif %}
 Match originalHost {{ h.inventory_hostname }}
   HostName {{ h.__ip.external }}
+{% if h.ansible_port is defined %}
+  Port {{ h.ansible_port }}
+{% endif %}
 {% endcall %}
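Review bot: the `Port` block is emitted twice, once under each `Match originalHost` stanza; since ssh_config takes the first obtained value for each option and the second stanza matches whenever the first one does, the first `{% if h.ansible_port is defined %} … {% endif %}` can be dropped and the single block under the unconditional stanza covers both paths. If the two stanzas are meant to stay self-contained, a one-line comment above the first saying so would stop the next reader from deduplicating. The enclosing `{% call %}` begins before this hunk.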