feat(minor): option to disable warning banner when init-ing ssh session

press/playbooks/roles/sshd_hardening/tasks/main.yml

@@ -50,6 +50,7 @@
  dest: /etc/ssh/sshd_config
  regexp: '^Banner'
  line: "Banner /etc/login.warn"
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure SSH MaxStartups is configured"
  lineinfile:

press/playbooks/roles/warning_banners/tasks/main.yml

@@ -6,6 +6,7 @@
  owner: root
  group: root
  mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure local login warning banner is configured properly"
  copy:
@@ -14,6 +15,7 @@
  owner: root
  group: root
  mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure remote login warning banner is configured properly"
  copy:
@@ -22,6 +24,7 @@
  owner: root
  group: root
  mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure remote login warning banner is configured for ssh"
  copy:
@@ -30,6 +33,7 @@
  owner: root
  group: root
  mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure permissions on /etc/motd are configured"
  file:
@@ -38,6 +42,7 @@
  owner: root
  group: root
  mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure permissions on /etc/issue are configured"
  file:
@@ -46,11 +51,13 @@
  owner: root
  group: root
  mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"
 
 - name: "Ensure permissions on /etc/issue.net are configured"
  file:
  dest: /etc/issue.net
  state: file
  owner: root
  group: root
- mode: 0644
+ mode: 0644
+ when: "{{ add_warning_banner is defined and add_warning_banner }}"

press/press/doctype/database_server/database_server.py

@@ -327,6 +327,7 @@ def _setup_server(self):
  "certificate_private_key": certificate.private_key,
  "certificate_full_chain": certificate.full_chain,
  "certificate_intermediate_chain": certificate.intermediate_chain,
+ "add_warning_banner": frappe.db.get_single_value("Press Settings", "add_warning_banner")
  },
  )
  play = ansible.run()

press/press/doctype/press_settings/press_settings.json

@@ -169,6 +169,8 @@
  "use_staging_ca",
  "ssh_section",
  "ssh_certificate_authority",
+ "column_break_ohvk",
+ "add_warning_banner",
  "monitoring_section",
  "monitor_server",
  "monitor_token",
@@ -1167,11 +1169,21 @@
  "fieldtype": "Link",
  "label": "Hybrid Domain",
  "options": "Root Domain"
+ },
+ {
+ "fieldname": "column_break_ohvk",
+ "fieldtype": "Column Break"
+ },
+ {
+ "default": "1",
+ "fieldname": "add_warning_banner",
+ "fieldtype": "Check",
+ "label": "Add Warning Banner"
  }
  ],
  "issingle": 1,
  "links": [],
- "modified": "2024-03-05 15:51:49.055544",
+ "modified": "2024-03-20 10:50:07.152942",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Press Settings",

press/press/doctype/server/server.py

@@ -187,10 +187,8 @@ def validate_agent_password(self):
  self.agent_password = frappe.generate_hash(length=32)
 
  def get_agent_repository_url(self):
- settings = frappe.get_single("Press Settings")
- repository_owner = settings.agent_repository_owner or "frappe"
- url = f"https://github.com/{repository_owner}/agent"
- return url
+ repository_owner = frappe.db.get_single_value("Press Settings", "agent_repository_owner") or "frappe"
+ return f"https://github.com/{repository_owner}/agent"
 
  @frappe.whitelist()
  def ping_agent(self):
@@ -802,6 +800,7 @@ def _setup_server(self):
  "certificate_private_key": certificate.private_key,
  "certificate_full_chain": certificate.full_chain,
  "certificate_intermediate_chain": certificate.intermediate_chain,
+ "add_warning_banner": frappe.db.get_single_value("Press Settings", "add_warning_banner"),
  },
  )
  play = ansible.run()