configpolicy/group_vars
Dustin f83cea50e9 r/ssu-user-ca: Configure sshd TrustedUserCAKeys
The `TrustedUserCAKeys` setting for *sshd(8)* tells the server to accept
any certificates signed by keys listed in the specified file.
The authenticating username has to match one of the principals listed in
the certificate, of course.

This role is applied to all machines, via the `base.yml` playbook.
Certificates issued by the user CA managed by SSHCA will therefore be
trusted everywhere.  This brings us one step closer to eliminating the
dependency on Active Directory/Samba.
2024-02-01 18:46:40 -06:00
dch-gw Move dch_networks definition to all group 2018-10-13 12:43:35 -05:00
frigate frigate: Configure journal2ntfy for MD RAID 2023-06-08 10:05:36 -05:00
grafana grafana: Update LDAP server host name 2023-04-12 14:07:51 -05:00
metricspi metricspi: alerts: Increase Frigate disk threshold 2023-10-15 09:52:12 -05:00
nut nut: Add playbook for NUT 2021-10-31 14:28:27 -05:00
public-web r/web/hlc: Add formsubmit config for summer signup 2024-01-23 22:04:29 -06:00
pxe r/netboot/jenkins-agent: Configure NBD exports 2022-08-15 17:14:06 -05:00
pyrocufflink r/fileserver: Restrict non-administrators to SFTP 2024-02-01 10:29:32 -06:00
pyrocufflink-dns pyrocufflink-dns: Remove dc0 forwarder 2021-12-18 16:44:48 -06:00
synapse synapse: Back up data using BURP 2023-05-23 09:52:50 -05:00
unifi unifi: Deploy unifi_exporter 2024-01-21 16:12:29 -06:00
Fedora37.yml Fedora37: Set collectd SELinux domain permissive 2022-12-19 10:22:00 -06:00
all.yml r/ssu-user-ca: Configure sshd TrustedUserCAKeys 2024-02-01 18:46:40 -06:00
aria2.yml aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
bitwarden_rs.yml vaultwarden: Change Domain URL 2023-03-03 11:17:07 -06:00
burp-client.yml hosts: Add burp1.p.b 2020-01-25 13:57:04 -06:00
burp-server.yml burp-server: Keep more backups 2023-07-17 16:36:37 -05:00
collectd.yml Switch Prometheus/collectd to pull 2021-10-30 16:41:17 -05:00
dch-vpn.yml dch-vpn: Avoid configuring firewalld 2018-10-13 12:19:25 -05:00
file-servers.yml file-servers: Set Apache ServerName 2023-12-29 10:46:13 -06:00
gitea.yml gitea: Back up with BURP 2023-04-12 14:07:51 -05:00
home-assistant.yml home-assistant: Back up Zigbee/ZWave/Mosquitto 2022-12-23 06:56:52 -06:00
jenkins-slave.yml jenkins-slave: Allow Jenkins to connect to Docker 2019-09-19 19:50:35 -05:00
k8s-controller.yml hosts: Add Kubernetes machines 2022-08-03 20:52:01 -05:00
k8s-node.yml hosts: Add Kubernetes machines 2022-08-03 20:52:01 -05:00
koji-hub.yml hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
koji.yml hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
kubelet.yml r/collectd: Ignore filesystems by path 2022-08-05 18:56:48 -05:00
nextcloud.yml nextcloud: Trust headers from public rev proxy 2021-12-20 22:20:09 -06:00
nut-monitor.yml nut-monitor: Require both UPS to be online 2024-01-25 21:22:04 -06:00
prometheus.yml Switch Prometheus/collectd to pull 2021-10-30 16:41:17 -05:00
pyrocufflink-dhcp.yml pyrocufflink-dhcp: DHCP reservations for VM hosts 2021-02-17 20:33:41 -06:00
radius.yml Move APs to Management network 2018-07-15 09:19:39 -05:00
repohost.yml r/repohost: Configure Yum package repo host 2023-11-07 20:51:10 -06:00
samba-dc.yml samba-dc: Omit tls cafile setting 2023-05-10 08:28:49 -05:00
smtp-relay.yml smtp-relay: Switch to Fastmail 2023-10-24 17:27:21 -05:00
taiga.yml taiga: Add playbook for Taiga 2019-09-19 19:51:45 -05:00
vm-hosts.yml vm-hosts: Increase VM start delay after K8s 2024-01-22 08:35:40 -06:00
zabbix-server.yml zabbix-server: Allow SMTP relay from any loopback 2019-04-15 10:05:04 -05:00
zabbix.yml hosts: Add hosts to zabbix group 2018-04-14 15:47:49 -05:00