From 5dfa5d91e44e47a08db1c44c145edea58c9cdfa5 Mon Sep 17 00:00:00 2001
From: Paul Brinkmeier
Date: Sun, 4 Sep 2022 20:02:30 +0200
Subject: [PATCH] Give GitLab SSH port 22 and use 2309 for SSH access
---
ansible/inventory | 2 +-
ansible/misc-all.yaml | 8 ++++++++
ansible/{misc.yaml => misc-setup.yaml} | 20 ++++++++++++++++++++
docker/web/docker-compose.yaml | 4 ++--
4 files changed, 31 insertions(+), 3 deletions(-)
create mode 100644 ansible/misc-all.yaml
rename ansible/{misc.yaml => misc-setup.yaml} (51%)
diff --git a/ansible/inventory b/ansible/inventory
index 48dbb1b..8b9ff42 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -1,2 +1,2 @@
 [misc]
-h2954114.stratoserver.net
+pbrinkmeier.de
diff --git a/ansible/misc-all.yaml b/ansible/misc-all.yaml
new file mode 100644
index 0000000..8f7b45b
--- /dev/null
+++ b/ansible/misc-all.yaml
@@ -0,0 +1,8 @@
+# All tasks for misc, use this to check whether everything is deployed.
+---
+- name: Set up basic packages, Docker, Nix, sshd
+ import_playbook: misc-setup.yaml
+- name: Deploy Docker configuration
+ import_playbook: misc-docker.yaml
+- name: Check out static websites from git
+ import_playbook: misc-sites.yaml
diff --git a/ansible/misc.yaml b/ansible/misc-setup.yaml
similarity index 51%
rename from ansible/misc.yaml
rename to ansible/misc-setup.yaml
index 4e8e2d6..ee425cd 100644
--- a/ansible/misc.yaml
+++ b/ansible/misc-setup.yaml
@@ -30,3 +30,23 @@
 - docker
 - docker-compose
 - requests
+ - name: Configure sshd
+ register: sshdconfig
+ become: yes
+ copy:
+ dest: /etc/ssh/sshd_config.d/00_pbri.conf
+ mode: u=rw,g=r,o=r
+ # Included by /etc/ssh/sshd_config before other configuration
+ content: |
+ Port 2309
+ PermitRootLogin no
+ PubkeyAuthentication yes
+ AuthorizedKeysFile .ssh/authorized_keys
+ PasswordAuthentication no
+ validate: /usr/sbin/sshd -T -f %s
+ - name: Restart sshd
+ when: sshdconfig.changed
+ become: yes
+ service:
+ name: sshd
+ state: restarted
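Review bot: In ansible/inventory the new host entry carries no SSH port, while the same commit moves the host's sshd to 2309 and hands port 22 to the GitLab container. Unless the port is supplied somewhere not shown here (a group variable or the operator's `~/.ssh/config`), later playbook runs would connect to the container's sshd on port 22 rather than the host, which at best fails on a host-key mismatch. Making it explicit in the inventory, `pbrinkmeier.de ansible_port=2309`, keeps the playbooks pointed at the right daemon and avoids anyone being tempted to relax host-key checking to get past the warning.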
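Review bot: The drop-in written by the `Configure sshd` task turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at whatever the distribution's main `sshd_config` sets, so with PAM enabled a password-style prompt may still be reachable; adding `KbdInteractiveAuthentication no` to `content` would close that path explicitly. `Port` is additive in sshd, so if the main config has an uncommented `Port 22` the daemon keeps listening there as well and the GitLab container's bind on 22 will fail. The `validate` command parses only the fragment passed via `-f`, so it catches neither case; checking the effective settings with `sshd -T` after the restart would. The task list this hunk appends to starts outside the hunk.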
diff --git a/docker/web/docker-compose.yaml b/docker/web/docker-compose.yaml
index 54c540d..9de5098 100644
--- a/docker/web/docker-compose.yaml
+++ b/docker/web/docker-compose.yaml
@@ -49,7 +49,7 @@ services:
 gitlab:
 image: gitlab/gitlab-ce:15.3.2-ce.0
 ports:
- - "2222:22"
+ - "22:22"
 volumes:
 - gitlab_data:/var/opt/gitlab
 - gitlab_logs:/var/log/gitlab
@@ -74,7 +74,7 @@ services:
 gitlab_rails['gitlab_email_from'] = 'git@pbrinkmeier.de'
 gitlab_rails['gitlab_email_reply_to'] = 'noreply@pbrinkmeier.de'
- gitlab_rails['gitlab_shell_ssh_port'] = 2222
+ gitlab_rails['gitlab_shell_ssh_port'] = 22
 # https://docs.gitlab.com/omnibus/settings/rpi.html
 puma['worker_processes'] = 2
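Review bot: The `ports` entry `"22:22"` in the first docker-compose hunk has no host address, so the GitLab sshd is bound on every interface, and Docker-published ports are wired through Docker's own iptables chains, which means host firewall front-ends such as ufw generally do not filter them. If only one address should serve git-over-SSH, pin the bind, e.g. `"<HOST_IP>:22:22"` (placeholder). The bind also depends on the host sshd having already left port 22, so a short comment above the mapping such as `# host sshd listens on 2309, see ansible/misc-setup.yaml` would record that ordering for the next maintainer. The `gitlab` service definition continues outside the hunk.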