ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1c57c66dca
nis/roles/common/tasks/sshd.yml

152 lines
3.9 KiB
YAML
Raw Blame History

---
# ---
# Set some facts
# ---
- name: (sshd.yml) Set fact_sshd_kexalgorithms (comma separated list)
set_fact:
fact_sshd_kexalgorithms: "{{ sshd_kexalgorithms | join (',') }}"
when:
- sshd_kexalgorithms is defined and sshd_kexalgorithms | length > 0
tags:
- sshd-config
- name: (sshd.yml) Set fact_sshd_ciphers (comma separated list)
set_fact:
fact_sshd_ciphers: "{{ sshd_ciphers | join (',') }}"
when:
- sshd_ciphers is defined and sshd_ciphers | length > 0
tags:
- sshd-config
- name: (sshd.yml) Set fact_sshd_macs
set_fact:
fact_sshd_macs: "{{ sshd_macs | join (',') }}"
when:
- sshd_macs is defined and sshd_macs | length > 0
tags:
- sshd-config
- name: (sshd.yml) Set fact_sshd_hostkeyalgorithms (blank separated list)
set_fact:
fact_sshd_hostkeyalgorithms: "{{ sshd_hostkeyalgorithms | join (',') }}"
when:
- sshd_hostkeyalgorithms is defined and sshd_hostkeyalgorithms | length > 0
tags:
- sshd-config
- name: (sshd.yml) Set fact_sshd_allowed_users (blank separated list)
set_fact:
fact_sshd_allowed_users: "{{ sshd_allowed_users | join (' ') }}"
when:
- sshd_allowed_users is defined and sshd_allowed_users | length > 0
tags:
- sshd-config
# ---
# Create new sshd_config
# ---
- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
stat:
path: /etc/ssh/sshd_config.ORIG
register: etc_sshd_sshd_config_ORIG
tags:
- sshd-config
- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
when: etc_sshd_sshd_config_ORIG.stat.exists == False
tags:
- sshd-config
- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T'
#backup: yes
notify: "Restart ssh"
when:
- ansible_facts['distribution'] == "Ubuntu"
tags:
- sshd-config
- name: (sshd.yml) Create/Update new sshd_config from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T'
notify: "Restart ssh"
when:
- create_sftp_group is undefined or create_sftp_group is defined and not create_sftp_group
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] <= "10"
tags:
- sshd-config
- name: (sshd.yml) Create/Update sshd_config for chrooted sftp_group from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T -C user=sftp_users'
notify: "Restart ssh"
when:
- create_sftp_group is defined and create_sftp_group
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] <= "10"
tags:
- sshd-config
- name: (sshd.yml) Check if sshd_config contains activ parameter 'Subsystem sftp'..
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^Subsystem\s+sftp(.+)$'
state: absent
check_mode: yes
changed_when: false
register: sshd_config_sftp
tags:
- sshd-config
- name: (sshd.yml) Ensure directory '/etc/ssh/sshd_config.d' exists
file:
path: /etc/ssh/sshd_config.d
state: directory
mode: 0755
group: root
owner: root
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] > "10"
tags:
- sshd-config
- name: (sshd.yml) Create/Update file '/etc/ssh/sshd_config.d/50-sshd-local.conf' from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config.d/50-sshd-local.conf
owner: root
group: root
mode: 0644
notify: "Restart ssh"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] > "10"
tags:
- sshd-config
Reference in New Issue View Git Blame Copy Permalink