-
Elias Rudberg authoredElias Rudberg authored
litebastion
NOTE 2025-03-05: this repo is to be archived, its contents have been moved into the roles/litebastion subdirectory of the sigsum ansible repo at https://git.glasklar.is/sigsum/admin/ansible/-/tree/main/roles/litebastion and any continued development should happen there.
An ansible role that installs, configures, and manages the litebastion software as a systemd service.
The litebastion service is restarted on changes to (i) the systemd service file, (ii) the selected software version, or (iii) the software's runtime options. The litebastion service is reloaded with SIGHUP if the list of backends change.
Read C2SP/https-bastion to learn more about what a bastion host is.
Requirements
The target system must have systemd installed and running. The system's package
manager must also install a recent enough golang compiler (or the playbook will
fail). On Debian stable, you may set litebastion_debian_backports: true.
Role Variables
You will likely want to set the following variables:
litebastion_goversionlitebastion_emaillitebastion_hostlitebastion_listenlitebastion_backends
See defaults/main.yml for details.
Dependencies
None
Install the role
Import the litebastion role as ./roles/litebastion:
$ ansible-galaxy install git+https://git.glasklar.is/sigsum/admin/litebastion,main -p ./rolesReplace main with a git-tag to checkout a fixed version.
Use the --force flag to downgrade or upgrade the version.
View installed roles
View roles that were installed in the ./roles directory:
$ ansible-galaxy role list -p ./rolesExample Playbook
---
- name: Example playbook
hosts: all
become: true
roles:
- litebastionHints:
systemctl status litebastionjournalctl -u litebastion.service
License
BSD 2-Clause License
Contact
- IRC room
#sigsum - Matrix room
#sigsumwhich is bridged with IRC - The sigsum-general mailing list