From 4e3053749991a09fbdf17ad93ee6654f4fbbf7a7 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 25 Feb 2024 01:28:18 +0100
Subject: installer/* improve regexp to set ssh port and fix ssh port config for newer ubuntu releases
---
 .../debian/preseed/templates/preseed_debian-bookworm.cfg.j2 | 2 +-
 .../debian/preseed/templates/preseed_debian-bullseye.cfg.j2 | 2 +-
 .../installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 | 2 +-
 .../installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 | 2 +-
 .../installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 | 2 +-
 .../debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 | 2 +-
 .../installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 | 2 +-
 roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 | 2 +-
 .../installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 | 2 +-
 roles/installer/openbsd/autoinstall/templates/install.site.j2 | 2 +-
 roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 | 5 +++--
 11 files changed, 13 insertions(+), 12 deletions(-)
(limited to 'roles/installer')
diff --git a/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2
index 6b8e70f9..3e86b048 100644
--- a/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2
@@ -96,7 +96,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
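Review bot: The tightened `sed` expression in `late_command` can match nothing and still exit 0, so a target whose `sshd_config` has no line of exactly the form `Port <digits>` (trailing whitespace or a trailing comment after the number is enough, because of the `$` anchor) silently stays on the default port while the inventory expects `{{ ansible_port }}`. I would allow `\s*` before the `$` and follow the edit with a check such as `grep -q '^Port {{ ansible_port }}$' /etc/ssh/sshd_config`, failing the install (or appending the directive) when it does not hold. The same expression appears in the other preseed hunks of this commit (bullseye, buster, jessie, stretch, kali-rolling, bionic, focal, xenial) and in the Ubuntu autoinstall template. The `late_command` string starts and ends outside the hunk.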
diff --git a/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2
index fdc65ff7..0649b18f 100644
--- a/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_debian-bullseye.cfg.j2
@@ -90,7 +90,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2
index 575f44a9..209cd1b7 100644
--- a/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2
@@ -90,7 +90,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2
index 3ad35d5a..87a90060 100644
--- a/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2
@@ -87,7 +87,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2
index 7d6137e4..3c682d81 100644
--- a/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2
@@ -87,7 +87,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2
index fc9a84a5..7e2fe535 100644
--- a/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_kali-kali-rolling.cfg.j2
@@ -88,7 +88,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 in-target bash -c "systemctl enable ssh"; \
 mkdir -p -m 0700 /target/root/.ssh; \
diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2
index 9d644e4d..1446ab2c 100644
--- a/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2
@@ -107,7 +107,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2
index 48cc16bb..c2689623 100644
--- a/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2
@@ -110,7 +110,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2
index 8bfbe61a..b8fd1110 100644
--- a/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2
+++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2
@@ -100,7 +100,7 @@ d-i preseed/late_command string \
 {% endif %}
 in-target bash -c "passwd -d root && passwd -l root"; \
 {% if ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+ in-target bash -c "sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
 {% endif %}
 mkdir -p -m 0700 /target/root/.ssh; \
 cp /authorized_keys /target/root/.ssh/
diff --git a/roles/installer/openbsd/autoinstall/templates/install.site.j2 b/roles/installer/openbsd/autoinstall/templates/install.site.j2
index 3608c9a4..72daa488 100644
--- a/roles/installer/openbsd/autoinstall/templates/install.site.j2
+++ b/roles/installer/openbsd/autoinstall/templates/install.site.j2
@@ -10,7 +10,7 @@ EOF
 {% if ansible_port is defined %}
 echo "Setting SSH port to {{ ansible_port }}"
-sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
+sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
 {% endif %}
 echo "Installing python"
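Review bot: The new pattern in `install.site.j2` depends on `\s` matching whitespace in `Port\s\s*`, and `\s` is a GNU sed extension rather than POSIX. If OpenBSD's base `sed` reads it as a literal `s` (worth confirming on a target release), the expression no longer matches `#Port 22` at all, whereas the old `Port.*` form would still have matched with `\s*` consuming nothing. `sed` exits 0 either way, so the script would have announced the port change without making it and sshd would stay on its default port. The portable spelling is `sed -e 's/^[[:space:]]*#*[[:space:]]*Port[[:space:]][[:space:]]*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config`. The surrounding script continues outside the hunk.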
diff --git a/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2 b/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2
index 125e8d82..2a5ad758 100644
--- a/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2
+++ b/roles/installer/ubuntu/autoinstall/templates/autoinstall.yml.j2
@@ -248,13 +248,14 @@ autoinstall:
 late-commands:
 - curtin in-target --target=/target -- swapoff -a; sed -e '/^\/swapfile/d' -e '/^\/swap\.img/d' -i /etc/fstab; rm -f /swapfile /swap.img
 {% if ansible_port is defined %}
- - curtin in-target --target=/target -- sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
+ - curtin in-target --target=/target -- sed -e 's/^\s*#*\s*Port\s\s*[0-9][0-9]*$/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config
+ - curtin in-target --target=/target -- bash -c "mkdir -p /etc/systemd/system/ssh.socket.d; echo -e '[Socket]\nListenStream=\nListenStream={{ ansible_port }}' > /etc/systemd/system/ssh.socket.d/port.conf"
 {% endif %}
 - curtin in-target --target=/target -- apt-get -y -q purge multipath-tools open-vm-tools
 - curtin in-target --target=/target -- apt-get -y -q purge systemd-oomd
 {% if ubuntu_autoinstall_desktop is undefined %}
 - curtin in-target --target=/target -- apt-mark manual iputils-ping isc-dhcp-client netcat-openbsd netplan.io sudo
- - curtin in-target --target=/target -- apt-get -y -q purge policykit-1 ubuntu-minimal unattended-upgrades sound-theme-freedesktop thin-provisioning-tools cryptsetup byobu open-iscsi btrfs-progs pollinate lxd-agent-loader ufw
+ - curtin in-target --target=/target -- apt-get -y -q purge policykit-1 ubuntu-minimal unattended-upgrades ubuntu-advantage-tools sound-theme-freedesktop thin-provisioning-tools cryptsetup byobu open-iscsi btrfs-progs pollinate lxd-agent-loader ufw
 {% if install.disks.primary != "software-raid" %}
 - curtin in-target --target=/target -- apt-get -y -q purge mdadm
 {% endif %}
-- cgit v1.2.3
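Review bot: The added `ssh.socket.d/port.conf` late-command carries no comment explaining why the port is now set in two places, and its `mkdir ...; echo ... >` chain keeps going after a failed `mkdir`. I would put a template comment above it such as `{# releases that start sshd through ssh.socket take the listen port from the socket unit, so editing sshd_config alone is not enough #}` (that is my reading of the commit subject; confirm which releases it targets) and join the two commands with `&&`. Writing the file with `printf '[Socket]\nListenStream=\nListenStream=%s\n' {{ ansible_port }}` would also avoid depending on `echo -e`. The `late-commands` list starts and ends outside the hunk.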