From 36ebd32aad3ef8bb1e7968e8e0026cc1dea73b20 Mon Sep 17 00:00:00 2001
From: mg
Date: Sun, 14 Feb 2021 14:53:52 +0100
Subject: [PATCH] PVE-Cluster: Playbooks angepasst
---
 group_vars/proxmox.yml | 4 ----
 inventory | 4 ++++
 playbooks/base/5_personalisierung.yml | 3 ++-
 playbooks/base/6_haertung.yml | 4 +++-
 .../on-off/activate_ssh_password_login.yml | 22 +++++++++++++++++++
 5 files changed, 31 insertions(+), 6 deletions(-)
 create mode 100644 playbooks/on-off/activate_ssh_password_login.yml
diff --git a/group_vars/proxmox.yml b/group_vars/proxmox.yml
index 0fd006d6..259d9969 100644
--- a/group_vars/proxmox.yml
+++ b/group_vars/proxmox.yml
@@ -13,10 +13,6 @@
 smart_smartctlmail_cron_minutes: "15"
 smart_smartctlmail_cron_hours: "6"
 smart_smartctlmail_cron_weekday: "3"
- ### mgrote.tmux
- tmux_conf_destination: "/root/.tmux.conf"
- tmux_bashrc_destination: "/root/.bashrc"
- tmux_standardsession_name: "default"
 ### mgrote.zfs_extra
 # Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
 zfs_extra_max_usage_health: "80"
diff --git a/inventory b/inventory
index cf4b9112..ae4391d4 100644
--- a/inventory
+++ b/inventory
@@ -57,6 +57,8 @@ all:
 hosts:
 gitlab-runner-test.grote.lan:
 gitlab-runner.grote.lan:
+ gitlab-runner2.grote.lan:
+ gitlab-runner3.grote.lan:
 production:
 hosts:
@@ -72,6 +74,8 @@ all:
 gitlab-runner.grote.lan:
 pve3.grote.lan:
 pve4.grote.lan:
+ gitlab-runner2.grote.lan:
+ gitlab-runner3.grote.lan:
 test:
 hosts:
 wireguard-test.grote.lan:
diff --git a/playbooks/base/5_personalisierung.yml b/playbooks/base/5_personalisierung.yml
index 118275b4..2567d702 100644
--- a/playbooks/base/5_personalisierung.yml
+++ b/playbooks/base/5_personalisierung.yml
@@ -2,5 +2,6 @@
 - hosts: all
 roles:
 - { role: mgrote.motd, tags: "motd" }
- - { role: mgrote.tmux, tags: "tmux", when: "not 'proxmox' in group_names" }
+ - { role: mgrote.tmux, tags: "tmux",
+ when: "not 'proxmox' in group_names" }
 - { role: geerlingguy.dotfiles, become: true, tags: "dotfiles" }
diff --git a/playbooks/base/6_haertung.yml b/playbooks/base/6_haertung.yml
index 0707541b..54c3424a 100644
--- a/playbooks/base/6_haertung.yml
+++ b/playbooks/base/6_haertung.yml
@@ -3,7 +3,9 @@
 roles:
 - { role: mgrote.fail2ban, tags: "f2b" }
 - { role: mgrote.postfix, tags: "postfix" }
- - { role: mgrote.deactivate_ssh_password_login, tags: "ssh" }
+ - { role: mgrote.deactivate_ssh_password_login,
+ tags: "ssh",
+ when: "not 'proxmox' in group_names" }
 - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
 tags: "ufw",
 become: true,
diff --git a/playbooks/on-off/activate_ssh_password_login.yml b/playbooks/on-off/activate_ssh_password_login.yml
new file mode 100644
index 00000000..253616bf
--- /dev/null
+++ b/playbooks/on-off/activate_ssh_password_login.yml
@@ -0,0 +1,22 @@
+---
+- hosts: proxmox
+ become: yes
+
+ tasks:
+ - name: allow ssh login with password
+ become: yes
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: 'PasswordAuthentication no'
+ line: '#PasswordAuthentication yes'
+ state: present
+ validate: "/usr/sbin/sshd -T -f %s"
+ notify: restart_sshd
+
+ handlers:
+ - name: restart_sshd
+ become: yes
+ systemd:
+ name: sshd
+ enabled: yes
+ state: restarted
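Review bot: In `playbooks/base/6_haertung.yml` the added `when: "not 'proxmox' in group_names"` exempts every host in the `proxmox` group from `mgrote.deactivate_ssh_password_login`, and no comment says why or for how long. Together with the new `playbooks/on-off/activate_ssh_password_login.yml`, nothing visible in this commit turns password login back off on those hosts, so the exception reads as permanent rather than temporary. If that is intended, record it next to the condition, e.g. `# proxmox: password login stays enabled, see playbooks/on-off/activate_ssh_password_login.yml`; if it is only needed during cluster setup (inferred from the commit title), a per-host variable that defaults to hardening would be safer than a group-wide skip. The `roles:` list continues past the end of the hunk.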
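Review bot: The `lineinfile` task in `playbooks/on-off/activate_ssh_password_login.yml` matches the unanchored pattern `PasswordAuthentication no` and replaces it with a commented-out line, so the effective value is left to sshd's built-in default and to any other `PasswordAuthentication` line still in the file, and an already commented `#PasswordAuthentication no` matches as well. Setting the value explicitly with an anchored pattern makes the outcome deterministic: `regexp: '^#?\s*PasswordAuthentication\s'` and `line: 'PasswordAuthentication yes'`. The handler also sets `enabled: yes` on `sshd`; on Debian-based hosts that name is usually an alias of `ssh.service` and enabling an alias can fail, so `name: ssh` with only `state: restarted` is likely the safer form (worth verifying on a PVE node). Because this play weakens SSH authentication on the hypervisors, a header comment stating when it is meant to be run and how the setting is reverted afterwards would help the next operator.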