ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5b0ae7542a
oopen-server/roles/common/tasks/sshd.yml
Christoph 2c095f1674 Update..
2020-10-28 02:38:09 +01:00

80 lines
2.2 KiB
YAML
Raw Blame History

---
# ---
# Set some facts
# ---
- name: (sshd.yml) Set fact_sshd_kexalgorithms (comma separated list)
set_fact:
fact_sshd_kexalgorithms: "{{ sshd_kexalgorithms | join (',') }}"
when:
- sshd_kexalgorithms is defined and sshd_kexalgorithms | length > 0
- name: (sshd.yml) Set fact_sshd_ciphers (comma separated list)
set_fact:
fact_sshd_ciphers: "{{ sshd_ciphers | join (',') }}"
when:
- sshd_ciphers is defined and sshd_ciphers | length > 0
- name: (sshd.yml) Set fact_sshd_macs
set_fact:
fact_sshd_macs: "{{ sshd_macs | join (',') }}"
when:
- sshd_macs is defined and sshd_macs | length > 0
- name: (sshd.yml) Set fact_sshd_hostkeyalgorithms (blank separated list)
set_fact:
fact_sshd_hostkeyalgorithms: "{{ sshd_hostkeyalgorithms | join (',') }}"
when:
- sshd_hostkeyalgorithms is defined and sshd_hostkeyalgorithms | length > 0
- name: (sshd.yml) Set fact_sshd_allowed_users (blank separated list)
set_fact:
fact_sshd_allowed_users: "{{ sshd_allowed_users | join (' ') }}"
when:
- sshd_allowed_users is defined and sshd_allowed_users | length > 0
- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
stat:
path: /etc/ssh/sshd_config.ORIG
register: etc_sshd_sshd_config_ORIG
tags:
- sshd-config
- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
when: etc_sshd_sshd_config_ORIG.stat.exists == False
tags:
- sshd-config
- name: (sshd.yml) Create/Update new sshd_config from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T'
notify: "Restart ssh"
when:
- create_sftp_group is defined and not create_sftp_group
tags:
- sshd-config
- name: (sshd.yml) Create/Update sshd_config for chrooted sftp_group from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T -C user=sftp_users'
notify: "Restart ssh"
when:
- create_sftp_group is defined and create_sftp_group
tags:
- sshd-config
Reference in New Issue View Git Blame Copy Permalink