author | Christian Pointner <equinox@spreadspace.org> | 2023-10-26 13:58:00 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-10-26 13:58:00 +0200 |
commit | def061765aa3f4422472bc08a65bfc3e7f57b3ea (patch) | |
tree | 6b4173aabd89073d921a7a5834a55ee781bd078a /roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2 | |
parent | x509/certs: fix renewal scripts (diff) |
apps/whawty/auth: app no longer runs as root and switch to new sync
Diffstat (limited to 'roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2')
-rw-r--r-- | roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2 | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2 b/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
new file mode 100644
index 00000000..65a11d80
--- /dev/null
+++ b/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
@@ -0,0 +1,29 @@
+Port {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+HostKey /config/ssh_host_ed25519_key
+PidFile none
+
+PermitRootLogin no
+PubkeyAuthentication yes
+
+HostbasedAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+KbdInteractiveAuthentication no
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PermitTTY no
+UseDNS no
+PermitTunnel no
+AllowStreamLocalForwarding no
+AllowTcpForwarding no
+
+ForceCommand /usr/bin/rsync --server --daemon --config /config/rsyncd.conf .
+
+AllowUsers sync
+AuthorizedKeysFile /config/authorized_keys
|
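Review bot: `AllowTcpForwarding no` appears twice in the forwarding block (once after `AllowAgentForwarding no` and again after `AllowStreamLocalForwarding no`); the second line is redundant and can be dropped, and a single `DisableForwarding yes` would back up the per-feature lines so a later edit cannot silently re-enable one of them. The template also leaves `PermitUserRC` at its default, so a `~/.ssh/rc` in the sync user's home would still be run for the session alongside the `ForceCommand`; if the rsync module defined in `/config/rsyncd.conf` (not part of this file) can write into that home, `PermitUserRC no` closes that gap. `ListenAddress 0.0.0.0` and `ListenAddress ::` bind every interface, so exposure is presumably limited by the container port mapping or a firewall outside this template, which is worth confirming.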