Initial commit

2024-10-30 01:50:38 +01:00
commit 587ca23374
147 changed files with 7521 additions and 0 deletions
--- a/roles/dropbear/README.md
+++ b/roles/dropbear/README.md
@@ -0,0 +1,53 @@
+# `flyoverhead.openwrt.dropbear`
+
+OpenWRT `dropbear` configuration
+- configure dropbear settings
+
+## Role Variables
+
+| Variable | Descritpion | Status | Type | Example |
+| :--- | :--- | :--- | :--- | :--- |
+| `dropbear` | Dropbear settings configuration |  | `dictionary` |  |
+| &emsp;`enable` | Enable starting dropbear at system boot | `required` | `boolean` | `1` |
+| &emsp;`verbose` | Enable verbose output by the start scrip | `optional` | `boolean` | `0` |
+| &emsp;`BannerFile` | Name of a file to be printed before the user has authenticated successfully | `optional` | `string` | `7` |
+| &emsp;`PasswordAuth` | Allow authenticating with passwords | `optional` | `boolean` | `1` |
+| &emsp;`Port` | SSH service listening port | `required` | `integer` | `22` |
+| &emsp;`RootPasswordAuth` | Allow authenticating as root with passwords | `optional` | `boolean` | `1` |
+| &emsp;`RootLogin` | Allow SSH logins as root | `optional` | `boolean` | `1` |
+| &emsp;`GatewayPorts` | Allow remote hosts to connect to forwarded port | `optional` | `boolean` | `0` |
+| &emsp;`Interface` | Limit connections to specified network interface | `optional` | `string` | `lan` |
+| &emsp;`keyfile` | Path to host key file | `optional` | `string` | `/etc/dropbear/authorized_keys` |
+| &emsp;`SSHKeepAlive` | Keep alive | `optional` | `integer` | `300` |
+| &emsp;`IdleTimeout` | Idle timeout | `optional` | `integer` | `0` |
+| &emsp;`mdns` | Enable announcing the service via mDNS | `optional` | `boolean` | `1` |
+| &emsp;`MaxAuthTries` | Amount of password entering retries before SSH server closes the connection | `optional` | `integer` | `3` |
+| &emsp;`RecvWindowSize` | Per-channel receive window buffer size | `optional` | `integer` | `24576` |
+
+> Note: multiple public keys can be added to `authorized_keys` file in `files` directory
+
+## Dependencies
+
+| Name | Description |
+| :--- | :--- |
+| `Ansible Role: openwrt` | [Ansible role by gekmihesg](https://github.com/gekmihesg/ansible-openwrt) for managing OpenWRT and derivatives |
+
+## Example Playbook
+
+```yaml
+- hosts: openwrt
+  roles:
+      - role: flyoverhead.openwrt.dropbear
+```
+
+## License
+
+[GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.txt)
+
+## Author Information
+
+fly0v3rH34D
+
+## References
+
+- https://openwrt.org/docs/guide-user/base-system/dropbear
--- a/roles/dropbear/defaults/main.yml
+++ b/roles/dropbear/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# system section
+dropbear:
+  enable: ""
+  verbose: ""
+  BannerFile: ""
+  PasswordAuth: ""
+  Port: ""
+  RootPasswordAuth: ""
+  RootLogin: ""
+  GatewayPorts: ""
+  Interface: ""
+  keyfile: ""
+  SSHKeepAlive: ""
+  IdleTimeout: ""
+  mdns: ""
+  MaxAuthTries: ""
+  RecvWindowSize: ""
--- a/roles/dropbear/files/authorized_keys
+++ b/roles/dropbear/files/authorized_keys
--- a/roles/dropbear/handlers/main.yml
+++ b/roles/dropbear/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Reload dropbear service
+- name: Reload dropbear
+  ansible.builtin.service:
+    name: dropbear
+    state: reloaded
--- a/roles/dropbear/meta/main.yml
+++ b/roles/dropbear/meta/main.yml
@@ -0,0 +1,12 @@
+---
+galaxy_info:
+  author: flyoverhead
+  description: Configure dropbear settings
+  license: GPL-3.0
+  min_ansible_version: "2.13"
+  platforms:
+    - name: OpenWrt
+      versions: ["22.03"]
+  galaxy_tags: ["openwrt", "dropbear"]
+dependencies:
+  - role: gekmihesg.openwrt
--- a/roles/dropbear/tasks/dropbear.yml
+++ b/roles/dropbear/tasks/dropbear.yml
@@ -0,0 +1,24 @@
+---
+# Configure dropbear settings
+- name: Configure dropbear settings
+  uci:
+    command: "set"
+    config: "dropbear"
+    section: "@dropbear[0]"
+    type: "dropbear"
+    value:
+      enable: "{{ dropbear.enable | default(omit) }}"
+      verbose: "{{ dropbear.verbose | default(omit) }}"
+      BannerFile: "{{ dropbear.BannerFile | default(omit) }}"
+      PasswordAuth: "{{ dropbear.PasswordAuth | default(omit) }}"
+      Port: "{{ dropbear.Port | default(omit) }}"
+      RootPasswordAuth: "{{ dropbear.RootPasswordAuth | default(omit) }}"
+      RootLogin: "{{ dropbear.RootLogin | default(omit) }}"
+      GatewayPorts: "{{ dropbear.GatewayPorts | default(omit) }}"
+      Interface: "{{ dropbear.Interface | default(omit) }}"
+      keyfile: "{{ dropbear.keyfile | default(omit) }}"
+      SSHKeepAlive: "{{ dropbear.SSHKeepAlive | default(omit) }}"
+      IdleTimeout: "{{ dropbear.IdleTimeout | default(omit) }}"
+      mdns: "{{ dropbear.mdns | default(omit) }}"
+      MaxAuthTries: "{{ dropbear.MaxAuthTries | default(omit) }}"
+      RecvWindowSize: "{{ dropbear.RecvWindowSize | default(omit) }}"
--- a/roles/dropbear/tasks/main.yml
+++ b/roles/dropbear/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+# Configure dropbear section
+- name: Configure dropbear section
+  ansible.builtin.include_tasks: dropbear.yml
+
+# Copy SSH authorized keys
+- name: Copy ssh authorized keys
+  ansible.builtin.copy:
+    src: "authorized_keys"
+    dest: "/etc/dropbear/authorized_keys"
+    owner: "root"
+    group: "root"
+    mode: "0600"
+    force: true
+
+# Apply changes and reload dropbear service
+- name: Apply changes and reload dropbear
+  uci:
+    command: commit
+  notify: Reload dropbear