From f999c15675f56fbfd887b9ba52064e9cd0d89541 Mon Sep 17 00:00:00 2001
From: L3D
Date: Thu, 29 Dec 2022 04:32:45 +0100
Subject: [PATCH] improve user setup, manage sshd and winrm
---
 .gitmodules | 3 +++
 README.md | 22 ++++------------------
 group_vars/obs/vars.yml | 6 ++++--
 hosts.ini | 2 +-
 roles/do1jlr.win_obs_setup | 2 +-
 roles/do1jlr.win_sshd | 1 +
 site.yml | 1 +
 7 files changed, 15 insertions(+), 22 deletions(-)
 create mode 160000 roles/do1jlr.win_sshd
diff --git a/.gitmodules b/.gitmodules
index d70ef5e..6ac64c1 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -31,3 +31,6 @@
 [submodule "roles/do1jlr.win_firewall_icmp"]
 path = roles/do1jlr.win_firewall_icmp
 url = https://backwesen.de/voc/win_ansible_role_firewall_icmp.git
+[submodule "roles/do1jlr.win_sshd"]
+ path = roles/do1jlr.win_sshd
+ url = https://backwesen.de/voc/win_ansible_role_sshd.git
diff --git a/README.md b/README.md
index 9567d85..04e0d9f 100644
--- a/README.md
+++ b/README.md
@@ -46,29 +46,15 @@ Ansible Requirements ansible-galaxy install -r requirements.yml ``` -And PyWinRM Python mdule +Install sshpass fo SSH with Passwords to windowsvia ansible ```bash -pip3 install pywinrm +sudo apt install sshpass ``` - Configure Ansible Access (WinRM Setup) + Configure Ansible Access (Windows SSH Server Setup) ---------------------------------------- -### configure WinRM Access -Configure WinRM with the ``ConfigureRemotingForAnsible.ps1`` Script as described in [docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup](https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup) in your WINDOWS PowerShell. - -### configure ansible setup for new hosts -+ add your host to the ``hosts.ini`` file. -+ add the following variables in the ``host_vars``: - -```yaml ---- -# host_vars/$hostname/vars.yml -ansible_connection: winrm -ansible_user: 'Windows_Admin_User' -ansible_password: 'Your_Windows_Admin_Password' -ansible_winrm_server_cert_validation: ignore -``` +Have a look at the [official Ansible Docs](https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html#windows-ssh-setup) and install [OpenSSH Server](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell) on Windows or WinRM by running the [ConfigureReotingForAnsible.ps1](https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureReotingForAnsible.ps1) script. Gopass Passwords ------------------ diff --git a/group_vars/obs/vars.yml b/group_vars/obs/vars.yml index 3a7f29b..b6a4e33 100644 --- a/group_vars/obs/vars.yml +++ b/group_vars/obs/vars.yml 
@@ -8,8 +8,10 @@ win_obs_init__powerplan_enabled: true win_obs_init_powerplan_mode: 'high performance' # connect -ansible_connection: winrm +ansible_connection: ssh +ansible_shell_type: "powershell" ansible_winrm_server_cert_validation: ignore +ansible_pipelining: true ansible_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/' + ansible_user) }}" # credetials @@ -19,7 +21,7 @@ win_obs_init__password: "{{ lookup('community.general.passwordstore', gopass_pas # manage autologon win_obs_init__autologon: true -win_obs_init__autologon_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/obs') }}" +win_obs_init__autologon_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/voc') }}" # define obs szene win_obs_szene__project: 'swiss_python_summit_2022' diff --git a/hosts.ini b/hosts.ini index d9b9ab2..e4f5581 100644 --- a/hosts.ini +++ b/hosts.ini @@ -2,4 +2,4 @@ obs-white ansible_host=obs-white.local obs-yellow ansible_host=obs-yellow.local obs-blue ansible_host=obs-blue.local -obs-spare ansible_host=obs-spare.local +obs-misc ansible_host=obs-misc.local diff --git a/roles/do1jlr.win_obs_setup b/roles/do1jlr.win_obs_setup index 6b86e9d..6249b9b 160000 --- a/roles/do1jlr.win_obs_setup +++ b/roles/do1jlr.win_obs_setup @@ -1 +1 @@ -Subproject commit 6b86e9d710ed073088e82b4d0b343dc932cb2920 +Subproject commit 6249b9b886a4561fa1eab6978453d699bd8c7f4c diff --git a/roles/do1jlr.win_sshd b/roles/do1jlr.win_sshd new file mode 160000 index 0000000..61b785c --- /dev/null +++ b/roles/do1jlr.win_sshd @@ -0,0 +1 @@ +Subproject commit 61b785cae02215e0d7dc3878da5d792e198a595c diff --git a/site.yml b/site.yml index fa16e8b..a4172b8 100644 --- a/site.yml +++ b/site.yml 
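Review bot: `ansible_winrm_server_cert_validation: ignore` survives as a context line in the first hunk of group_vars/obs/vars.yml although `ansible_connection` is now `ssh`, so it does nothing today and would silently disable certificate validation again if the group is ever switched back to WinRM. I would remove it, or mark it with `# unused with ssh; do not re-enable winrm without real cert validation`. The new transport still logs in with `ansible_password` (the README change adds sshpass for that), so the Windows admin password is only as safe as the host key check on the `.local` name; key-based login via `ansible_ssh_private_key_file` would remove that dependency. Whether host key checking is enabled cannot be seen from this hunk.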
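Review bot: In the second hunk of group_vars/obs/vars.yml the autologon secret path now hardcodes the account name (`'/login/voc'`), while `ansible_password` a few lines up builds the same kind of path from `ansible_user`. If the autologon account is renamed later, the configured username and the looked-up password can drift apart. If the role exposes the autologon username as a variable (not visible here), I would build the path from it; otherwise add `# path suffix must match the autologon account name` above the line.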
@@ -12,6 +12,7 @@
 - {role: do1jlr.win_base_setup, tags: [user, setup]}
 - {role: do1jlr.win_zeroconf, tags: zeroconf}
 - {role: do1jlr.win_firewall_icmp, tags: firewall}
+ - {role: do1jlr.win_sshd, tags: sshd}
 - {role: do1jlr.win_obs_setup, tags: [user, obs]}
 - {role: do1jlr.win_parsec, tags: parsec}
 - {role: do1jlr.win_streamdeck, tags: streamdeck}
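Review bot: The new `do1jlr.win_sshd` entry manages the same SSH daemon this play now connects through (`ansible_connection: ssh` in group_vars/obs/vars.yml), and the roles list says nothing about that dependency. A bad sshd change can cut off the run, and a fresh host cannot be reached until OpenSSH or WinRM has been set up by hand. I would add `# configures the transport Ansible itself uses; bootstrap sshd manually on new hosts` above the line. The role's contents live in the submodule and are not visible here, so its password-authentication and allowed-user settings should be checked there. The roles list itself starts above this hunk.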