sftp: removed service

README.md

@@ -17,7 +17,6 @@ This project was largely inspired by his own [infra](https://github.com/notthebe
 * Nginx webserver
 * MediaWiki farm
 * Navidrome music server
-* SFTP (not really a service, included in sshd)
 * Syncthing
 * Firewall (UFW)
 

group_vars/all/vars.yml

@@ -20,9 +20,6 @@ admin_username: maestro
 # Username for unpriviledged user
 username: dogeystamp
 
-# Create an SFTP read-only user (leave blank to disable)
-sftp_ro_username: dogeystamp-mobile
-
 # Git repos (could be localhost if Gitea is installed)
 dots_repo: http://localhost:3000/dogeystamp/dots.git
 site_repo: http://localhost:3000/dogeystamp/wb4.git
@@ -270,9 +267,6 @@ enable_navidrome: yes
 # Personal website
 enable_website: yes
 
-# SFTP read-only user
-enable_sftpr: no
-
 # Syncthing
 enable_syncthing: yes
 

roles/services/sftp/tasks/main.yml

@@ -1,15 +0,0 @@
-- name: Create sftp read group
-  group:
-    name: sftpr
-
-- name: Create sftp read-only user
-  user:
-    name: "{{ sftp_ro_username }}"
-    groups:
-      - sftpr
-
-- name: Deploy SSH key to sftp user
-  ansible.posix.authorized_key:
-    user: "{{ sftp_ro_username }}"
-    state: present
-    key: "{{ lookup('file', '~/.ssh/keys/{{ ansible_hostname }}_sftp.pub')}}"

run.yml

@@ -55,11 +55,6 @@
         - nameserver
       when: enable_nameserver
 
-    - role: services/sftp
-      tags:
-        - sftp
-      when: enable_sftpr
-
     - role: services/mail
       tags:
         - mail