diff options
Diffstat (limited to 'roles')
13 files changed, 15 insertions, 14 deletions
diff --git a/roles/cloud/install/templates/hetzner_postinst.sh.j2 b/roles/cloud/install/templates/hetzner_postinst.sh.j2 index 329469be..d79ee957 100644 --- a/roles/cloud/install/templates/hetzner_postinst.sh.j2 +++ b/roles/cloud/install/templates/hetzner_postinst.sh.j2 @@ -36,7 +36,7 @@ cat <<EOK > /root/.ssh/authorized_keys {{ ssh_keys_root | join('\n') }} EOK {% if ansible_port is defined %} -sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config +sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config {% endif %} {# this is actually only needed on ubuntu bionic and beyond but should not hurt on other installations either #} diff --git a/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 index 6b8e70f9..3e86b048 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 @@ -96,7 +96,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2 index fdc65ff7..0649b18f 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2 @@ -90,7 +90,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 index 575f44a9..209cd1b7 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 @@ -90,7 +90,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 index 3ad35d5a..87a90060 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 @@ -87,7 +87,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 index 7d6137e4..3c682d81 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 @@ -87,7 +87,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 index fc9a84a5..7e2fe535 100644 --- a/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 @@ -88,7 +88,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} in-target bash -c "systemctl enable ssh"; \ mkdir -p -m 0700 /target/root/.ssh; \ diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 index 9d644e4d..1446ab2c 100644 --- a/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 @@ -107,7 +107,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 index 48cc16bb..c2689623 100644 --- a/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 @@ -110,7 +110,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 index 8bfbe61a..b8fd1110 100644 --- a/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 @@ -100,7 +100,7 @@ d-i preseed/late_command string \ {% endif %} in-target bash -c "passwd -d root && passwd -l root"; \ {% if ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ + in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \ {% endif %} mkdir -p -m 0700 /target/root/.ssh; \ cp /authorized_keys /target/root/.ssh/ diff --git a/roles/installer/openbsd/autoinstall/templates/install.site.j2 b/roles/installer/openbsd/autoinstall/templates/install.site.j2 index 3608c9a4..72daa488 100644 --- a/roles/installer/openbsd/autoinstall/templates/install.site.j2 +++ b/roles/installer/openbsd/autoinstall/templates/install.site.j2 @@ -10,7 +10,7 @@ EOF {% if ansible_port is defined %} echo "Setting SSH port to {{ ansible_port }}" -sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config +sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config {% endif %} echo "Installing python" diff --git a/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 b/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 index 125e8d82..2a5ad758 100644 --- a/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 +++ b/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 @@ -248,13 +248,14 @@ autoinstall: late-commands: - curtin in-target --target=/target -- swapoff -a; sed -e '/^\/swapfile/d' -e '/^\/swap\.img/d' -i /etc/fstab; rm -f /swapfile /swap.img {% if ansible_port is defined %} - - curtin in-target --target=/target -- sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config + - curtin in-target --target=/target -- sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config + - curtin in-target --target=/target -- bash -c "mkdir -p /etc/systemd/system/ssh.socket.d; echo -e '[Socket]\nListenStream=\nListenStream={{ ansible_port }}' > /etc/systemd/system/ssh.socket.d/port.conf" {% endif %} - curtin in-target --target=/target -- apt-get -y -q purge multipath-tools open-vm-tools - curtin in-target --target=/target -- apt-get -y -q purge systemd-oomd {% if ubuntu_autoinstall_desktop is undefined %} - curtin in-target --target=/target -- apt-mark manual iputils-ping isc-dhcp-client netcat-openbsd netplan.io sudo - - curtin in-target --target=/target -- apt-get -y -q purge policykit-1 ubuntu-minimal unattended-upgrades sound-theme-freedesktop thin-provisioning-tools cryptsetup byobu open-iscsi btrfs-progs pollinate lxd-agent-loader ufw + - curtin in-target --target=/target -- apt-get -y -q purge policykit-1 ubuntu-minimal unattended-upgrades ubuntu-advantage-tools sound-theme-freedesktop thin-provisioning-tools cryptsetup byobu open-iscsi btrfs-progs pollinate lxd-agent-loader ufw {% if install.disks.primary != "software-raid" %} - curtin in-target --target=/target -- apt-get -y -q purge mdadm {% endif %} diff --git a/roles/raspios/image/templates/firstrun.sh.j2 b/roles/raspios/image/templates/firstrun.sh.j2 index 2ff0fd59..d5e72fcc 100644 --- a/roles/raspios/image/templates/firstrun.sh.j2 +++ b/roles/raspios/image/templates/firstrun.sh.j2 @@ -23,7 +23,7 @@ systemctl restart dhcpcd.service {% endif %} {% if ansible_port != 22 %} -sed -e 's/^#*Port .*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config +sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config {% endif %} install -m 0700 -d /root/.ssh install -m 0644 /boot/firstrun.authorized_keys /root/.ssh/authorized_keys |