Update..

2021-08-23 21:32:31 +02:00
parent 99f0f4c460
commit 707e261c13
50 changed files with 710 additions and 398 deletions
--- a/roles/common/tasks/sshd.yml
+++ b/roles/common/tasks/sshd.yml
@ -60,6 +60,8 @@
  notify: "Restart ssh"
  when:
    - create_sftp_group is defined and not create_sftp_group
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] <= "10"
  tags:
    - sshd-config

@ -74,6 +76,46 @@
  notify: "Restart ssh"
  when:
    - create_sftp_group is defined and create_sftp_group
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] <= "10"
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Check if sshd_config contains activ parameter 'Subsystem sftp'..
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^Subsystem\s+sftp(.+)$'
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: sshd_config_sftp
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Ensure directory '/etc/ssh/sshd_config.d' exists
+  file:
+    path: /etc/ssh/sshd_config.d
+    state: directory
+    mode: 0755
+    group: root
+    owner: root
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] > "10"
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Create/Update file '/etc/ssh/sshd_config.d/50-sshd-local.conf' from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config.d/50-sshd-local.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: "Restart ssh"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] > "10"
  tags:
    - sshd-config