improve user setup, manage sshd and winrm

.gitmodules

@@ -31,3 +31,6 @@
 [submodule "roles/do1jlr.win_firewall_icmp"]
 	path = roles/do1jlr.win_firewall_icmp
 	url = https://backwesen.de/voc/win_ansible_role_firewall_icmp.git
+[submodule "roles/do1jlr.win_sshd"]
+	path = roles/do1jlr.win_sshd
+	url = https://backwesen.de/voc/win_ansible_role_sshd.git

README.md

@@ -46,29 +46,15 @@ Ansible Requirements
 ansible-galaxy install -r requirements.yml
 ```
 
-And PyWinRM Python mdule
+Install sshpass fo SSH with Passwords to windowsvia ansible
 ```bash
-pip3 install pywinrm
+sudo apt install sshpass
 ```
 
- Configure Ansible Access (WinRM Setup)
+ Configure Ansible Access (Windows SSH Server Setup)
 ----------------------------------------
 
-### configure WinRM Access
-Configure WinRM with the ``ConfigureRemotingForAnsible.ps1`` Script as described in [docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup](https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-setup) in your WINDOWS PowerShell.
-
-### configure ansible setup for new hosts
-+ add your host to the ``hosts.ini`` file.
-+ add the following variables in the ``host_vars``:
-
-```yaml
----
-# host_vars/$hostname/vars.yml
-ansible_connection: winrm
-ansible_user: 'Windows_Admin_User'
-ansible_password: 'Your_Windows_Admin_Password'
-ansible_winrm_server_cert_validation: ignore
-```
+Have a look at the [official Ansible Docs](https://docs.ansible.com/ansible/latest/os_guide/windows_setup.html#windows-ssh-setup) and install [OpenSSH Server](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell) on Windows or WinRM by running the [ConfigureReotingForAnsible.ps1](https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureReotingForAnsible.ps1) script.
 
  Gopass Passwords
 ------------------

group_vars/obs/vars.yml

@@ -8,8 +8,10 @@ win_obs_init__powerplan_enabled: true
 win_obs_init_powerplan_mode: 'high performance'
 
 # connect
-ansible_connection: winrm
+ansible_connection: ssh
+ansible_shell_type: "powershell"
 ansible_winrm_server_cert_validation: ignore
+ansible_pipelining: true
 ansible_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/' + ansible_user) }}"
 
 # credetials
@@ -19,7 +21,7 @@ win_obs_init__password: "{{ lookup('community.general.passwordstore', gopass_pas
 
 # manage autologon
 win_obs_init__autologon: true
-win_obs_init__autologon_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/obs') }}"
+win_obs_init__autologon_password: "{{ lookup('community.general.passwordstore', 'chvoc/ansible/windows/' + inventory_hostname + '/login/voc') }}"
 
 # define obs szene
 win_obs_szene__project: 'swiss_python_summit_2022'

hosts.ini

@@ -2,4 +2,4 @@
 obs-white ansible_host=obs-white.local
 obs-yellow ansible_host=obs-yellow.local
 obs-blue ansible_host=obs-blue.local
-obs-spare ansible_host=obs-spare.local
+obs-misc ansible_host=obs-misc.local

roles/do1jlr.win_obs_setup

@@ -1 +1 @@
-Subproject commit 6b86e9d710ed073088e82b4d0b343dc932cb2920
+Subproject commit 6249b9b886a4561fa1eab6978453d699bd8c7f4c

roles/do1jlr.win_sshd

@@ -0,0 +1 @@
+Subproject commit 61b785cae02215e0d7dc3878da5d792e198a595c

site.yml

@@ -12,6 +12,7 @@
     - {role: do1jlr.win_base_setup, tags: [user, setup]}
     - {role: do1jlr.win_zeroconf, tags: zeroconf}
     - {role: do1jlr.win_firewall_icmp, tags: firewall}
+    - {role: do1jlr.win_sshd, tags: sshd}
     - {role: do1jlr.win_obs_setup, tags: [user, obs]}
     - {role: do1jlr.win_parsec, tags: parsec}
     - {role: do1jlr.win_streamdeck, tags: streamdeck}