ansible-sshd/defaults/main.yml

91 lines
3.4 KiB
YAML
Raw Normal View History

2014-12-18 23:12:51 +01:00
---
2014-12-22 10:25:31 +01:00
### USER OPTIONS
# Set to false to disable this role completely
sshd_enable: true
2018-09-08 09:14:39 +02:00
2014-12-22 10:25:31 +01:00
# Don't apply OS defaults when set to true
sshd_skip_defaults: false
# If the below is false, don't manage the service or reload the SSH
# daemon at all
2017-05-04 15:31:26 +02:00
sshd_manage_service: true
# If the below is false, don't reload the ssh daemon on change
sshd_allow_reload: true
# If the below is true, also install service files from the templates pointed
# to by the `sshd_service_template_*` variables
sshd_install_service: false
sshd_service_template_service: sshd.service.j2
sshd_service_template_at_service: sshd@.service.j2
sshd_service_template_socket: sshd.socket.j2
# If the below is true, create a backup of the config file when the template is copied
sshd_backup: true
2018-08-25 23:48:09 +02:00
# If the below is true, also install the sysconfig file with the below options
# (useful only on Fedora and RHEL)
sshd_sysconfig: false
# If the below is true the role will override also crypto policy configuration
sshd_sysconfig_override_crypto_policy: false
# If the below is set to non-zero value, the OpenSSL random generator is
# reseeded with the given amount of random bytes (from getrandom(2)
# with GRND_RANDOM or /dev/random). Minimum is 14 bytes when enabled.
2020-11-06 12:15:50 +01:00
# This is not recommended to enable if you do not have hardware random number
# generator
sshd_sysconfig_use_strong_rng: 0
2014-12-22 10:25:31 +01:00
# Empty dicts to avoid errors
sshd: {}
# The path to sshd_config file. This is useful when creating an included
# configuration file snippet or configuring second sshd service
2021-06-02 14:21:40 +02:00
sshd_config_file: "{{ __sshd_config_file }}"
2014-12-22 10:25:31 +01:00
### VARS DEFAULTS
### The following are defaults for OS specific configuration in var files in
### this role. They should not be set directly by role users.
sshd_packages: []
2021-06-02 14:21:40 +02:00
sshd_config_owner: "{{ __sshd_config_owner }}"
sshd_config_group: "{{ __sshd_config_group }}"
sshd_config_mode: "{{ __sshd_config_mode }}"
sshd_binary: /usr/sbin/sshd
sshd_service: sshd
sshd_sftp_server: /usr/lib/openssh/sftp-server
# This lists by default all hostkeys as rendered in the generated configuration
# file ("auto"). Before attempting to run sshd (either for verification of
# configuration or restarting), we make sure the keys exist and have correct
# permissions. To disable this check, set sshd_verify_hostkeys to false
sshd_verify_hostkeys: "auto"
# The list of hostkeys to check when there are none listed in configuration file.
# This is usually the case when the selection is up to the OpenSSH defaults or
# drop-in directory is used.
__sshd_verify_hostkeys_default: []
2021-06-02 14:21:40 +02:00
sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
# instead of replacing the whole configuration file, just add a specified
# snippet
sshd_config_namespace: null
### These variables are used by role internals and should not be used.
__sshd_defaults: {}
__sshd_os_supported: no
__sshd_sysconfig_supports_crypto_policy: false
__sshd_sysconfig_supports_use_strong_rng: false
__sshd_runtime_directory: false
__sshd_runtime_directory_mode: "0755"
# If the system supports drop-in directory, it is configured in this variable. It is used
# to distinguish if we are writing a configuration snippet or we should write defaults.
__sshd_drop_in_dir: false
# this is the path to the main sshd_config which is checked for Include directive when
# drop-in directory is used
__sshd_main_config_file: false