From 45276b3fd94e505ad5c31dcf9bf35002b079ef73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20L=C3=A1szl=C3=B3?= <rlacko99@gmail.com>
Date: Wed, 28 Jul 2021 23:29:27 +0200
Subject: [PATCH] Fix ssh in router and add missing unpriviligized flag

---
 ansible/router/tasks/main.yaml | 11 ++++++++---
 terraform/router.tf            |  3 +++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ansible/router/tasks/main.yaml b/ansible/router/tasks/main.yaml
index 996821c..c0cc55c 100644
--- a/ansible/router/tasks/main.yaml
+++ b/ansible/router/tasks/main.yaml
@@ -21,13 +21,18 @@
     src: etc/ssh/sshd_config.j2
     dest: /etc/ssh/sshd_config
     mode: 0600
+ 
+# disable the ssh.socket, otherwise it will collide with ssh.service
+- name: Ensure ssh socket is disabled
+  service:
+    name: ssh.socket
+    enabled: no
 
-- name: Ensure sshd is restarted and enabled to start at boot.
+- name: Ensure ssh is restarted and enabled to start at boot.
   service:
-    name: sshd
+    name: ssh
     state: restarted
     enabled: yes
-    daemon_reload: yes
 
 - name: Setup firewall
   include_tasks: firewall.yaml
diff --git a/terraform/router.tf b/terraform/router.tf
index 872b8ff..d3b3da6 100644
--- a/terraform/router.tf
+++ b/terraform/router.tf
@@ -13,6 +13,7 @@ resource "proxmox_lxc" "router" {
   cores        = 4
   onboot       = true
   startup      = "order=1"
+  unprivileged = true
 
   ssh_public_keys  = local.ssh_keys
 
@@ -26,6 +27,7 @@ resource "proxmox_lxc" "router" {
     bridge = "vmbr211"
     ip     = "152.66.211.122/24"
     gw     = "152.66.211.254"
+    hwaddr = "BE:7E:2B:F3:19:7A"
   }
 
   network {
@@ -33,5 +35,6 @@ resource "proxmox_lxc" "router" {
     bridge = "vmbr0"
     ip     = "192.168.99.254/22"
     ip6    = "fd00::9:254/96" 
+    hwaddr = "7A:9C:F7:A8:5D:1C"
   }
 }
-- 
GitLab