Factor frr role from debian, ceph and proxmox
Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups.
This commit is contained in:
parent
256dae2955
commit
25bcddede1
31 changed files with 167 additions and 312 deletions
|
|
@ -1,16 +0,0 @@
|
|||
[Unit]
|
||||
Description=OpenBSD Secure Shell server (management VRF)
|
||||
After=network.target auditd.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/sbin/sshd -t
|
||||
ExecStart=ip vrf exec mgmt /usr/sbin/sshd -f /etc/ssh/sshd_config.mgmt
|
||||
ExecReload=/usr/sbin/sshd -t
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
RestartPreventExitStatus=255
|
||||
Type=notify
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
# This is for sshd in management VRF, for ansible and other not-really-OOB stuff.
|
||||
|
||||
PidFile none
|
||||
UsePAM no
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# Only allow pubkey auth.
|
||||
KbdInteractiveAuthentication no
|
||||
PasswordAuthentication no
|
||||
PermitRootLogin prohibit-password
|
||||
|
||||
# Disable what we can.
|
||||
AllowTcpForwarding no
|
||||
GatewayPorts no
|
||||
X11Forwarding no
|
||||
Loading…
Add table
Add a link
Reference in a new issue