- Alle Ansible-Rollen erstellt: common, disk_setup, docker, postgresql, pgbouncer, redis, nginx, zabbix_agent - ansible.cfg mit Pipeline-Optimierung - hosts.yml mit echten IPs (DBS01=.20, APS01=.21, WEB01=.22) - group_vars für alle Server (dbs, aps, web) - Zabbix-Server auf sentinel.xinion.de gesetzt - vault.yml.example als Vorlage für Secrets - site.yml nutzt import_playbook (DBS01→APS01→WEB01) - BRIEFING.md für alle 4 Repos angelegt (Platform, Apps, Infra, Shared) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
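# sshd_config — Managed by Ansible (INSIGHT-Infra)
# The task that renders this template should check the result before it is
# installed, e.g. with the template module's
# "validate: /usr/sbin/sshd -t -f %s", so that a bad variable value never
# replaces a working configuration.
Port {{ ssh_port | default(22) }}
# IPv4 only, bound to every interface. Limit reachability with the host
# firewall or a management-network address if sshd must not be public.
AddressFamily inet
ListenAddress 0.0.0.0

# Authentication
# YAML reads unquoted yes/no as booleans, which would otherwise render as
# True/False and be rejected by sshd. The expressions below map booleans back
# to yes/no; string values of PermitRootLogin such as prohibit-password pass
# through unchanged.
{% set root_login = ssh_permit_root_login | default('no') -%}
PermitRootLogin {{ 'yes' if root_login is sameas true else ('no' if root_login is sameas false else root_login) }}
PasswordAuthentication {{ 'yes' if ssh_password_authentication | default('no') | bool else 'no' }}
PubkeyAuthentication {{ 'yes' if ssh_pubkey_authentication | default('yes') | bool else 'no' }}
AuthorizedKeysFile .ssh/authorized_keys
# Keyboard-interactive has to stay off while UsePAM is on; otherwise PAM can
# still prompt for a password even with PasswordAuthentication no. Newer
# OpenSSH releases name this option KbdInteractiveAuthentication and keep the
# spelling below as a deprecated alias.
ChallengeResponseAuthentication no
UsePAM yes

# Security
X11Forwarding no
# Per sshd_config(5), disabling TCP forwarding does not stop users who have a
# shell from running their own forwarders; treat it as hygiene, not a boundary.
AllowTcpForwarding no
PermitEmptyPasswords no
# At most 3 authentication attempts per connection, and 30 seconds to finish
# authenticating before the connection is dropped.
MaxAuthTries 3
LoginGraceTime 30

# Session
# Probe the client every 300 s and disconnect after 2 unanswered probes
# (about 10 minutes). This detects dead peers; it is not an idle timeout.
ClientAliveInterval 300
ClientAliveCountMax 2

# Subsystem
# NOTE(review): this sftp-server path looks like the Debian/Ubuntu location;
# confirm it exists on every target host.
Subsystem sftp /usr/lib/openssh/sftp-server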