Fixes un-overrideable public api variables

defaults/main.yml

@@ -48,13 +48,14 @@ sshd_config_file: "{{ __sshd_config_file }}"
 ### VARS DEFAULTS
 ### The following are defaults for OS specific configuration in var files in
 ### this role. They should not be set directly by role users.
-sshd_packages: []
+sshd_packages: "{{ __sshd_packages }}"
 sshd_config_owner: "{{ __sshd_config_owner }}"
 sshd_config_group: "{{ __sshd_config_group }}"
 sshd_config_mode: "{{ __sshd_config_mode }}"
-sshd_binary: /usr/sbin/sshd
-sshd_service: sshd
-sshd_sftp_server: /usr/lib/openssh/sftp-server
+sshd_service: "{{ __sshd_service }}"
+sshd_binary: "{{ __sshd_binary }}"
+sshd_service: "{{ __sshd_service }}"
+sshd_sftp_server: "{{ __sshd_sftp_server }}"
 
 # This lists by default all hostkeys as rendered in the generated configuration
 # file ("auto"). Before attempting to run sshd (either for verification of

vars/AIX.yml

@@ -2,11 +2,11 @@
 __sshd_config_mode: '0644'
 # sshd is not installed by yum / AIX toolbox for Linux.
 # You'll need to manually install them using AIX Web Download Packs.
-sshd_packages: []
-sshd_sftp_server: /usr/sbin/sftp-server
+__sshd_packages: []
+__sshd_sftp_server: /usr/sbin/sftp-server
 __sshd_config_group: system
 __sshd_defaults:
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 
 sshd_install_service: no

vars/Amazon.yml

@@ -1,9 +1,9 @@
 ---
 __sshd_config_mode: '0644'
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   SyslogFacility: AUTHPRIV
   PermitRootLogin: forced-commands-only
@@ -19,5 +19,5 @@ __sshd_defaults:
     - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     - LC_IDENTIFICATION LC_ALL LANGUAGE
     - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes

vars/Arch Linux.yml

@@ -1 +0,0 @@
-Archlinux.yml

vars/Arch Linux.yml

@@ -0,0 +1,11 @@
+---
+__sshd_packages:
+  - openssh
+__sshd_sftp_server: /usr/lib/ssh/sftp-server
+__sshd_defaults:
+  AuthorizedKeysFile: .ssh/authorized_keys
+  ChallengeResponseAuthentication: no
+  PrintMotd: no
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
+  UsePAM: yes
+__sshd_os_supported: yes

vars/Archlinux.yml

@@ -1,11 +1,11 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
-sshd_sftp_server: /usr/lib/ssh/sftp-server
+__sshd_sftp_server: /usr/lib/ssh/sftp-server
 __sshd_defaults:
   AuthorizedKeysFile: .ssh/authorized_keys
   ChallengeResponseAuthentication: no
   PrintMotd: no
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes

vars/Container Linux by CoreOS.yml

@@ -1,10 +1,10 @@
 ---
 # There is no package manager in CoreOS
-sshd_packages: []
-sshd_service: sshd
-sshd_sftp_server: internal-sftp
+__sshd_packages: []
+__sshd_service: sshd
+__sshd_sftp_server: internal-sftp
 __sshd_defaults:
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   ClientAliveInterval: 180
   UseDNS: no
   UsePAM: yes

vars/Debian.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
 __sshd_config_mode: "0644"
 __sshd_defaults:
@@ -31,7 +31,7 @@ __sshd_defaults:
   PrintLastLog: yes
   TCPKeepAlive: yes
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes
 __sshd_runtime_directory: /run/sshd

vars/Debian_10.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -9,7 +9,7 @@ __sshd_defaults:
   X11Forwarding: yes
   PrintMotd: no
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes
 __sshd_runtime_directory: /run/sshd

vars/Debian_11.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -9,7 +9,7 @@ __sshd_defaults:
   X11Forwarding: yes
   PrintMotd: no
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes
 __sshd_runtime_directory: /run/sshd

vars/Debian_8.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -33,7 +33,7 @@ __sshd_defaults:
   PrintLastLog: yes
   TCPKeepAlive: yes
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes
 __sshd_runtime_directory: /run/sshd

vars/Debian_9.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -9,7 +9,7 @@ __sshd_defaults:
   X11Forwarding: yes
   PrintMotd: no
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes
 __sshd_runtime_directory: /run/sshd

vars/Fedora.yml

@@ -1,10 +1,10 @@
 ---
 __sshd_os_supported: yes
 
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 # Fedora 32 ships with drop-in directory support so we touch
 # just included file with highest priority by default
 __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf

vars/Fedora_31.yml

@@ -1,8 +1,8 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key
@@ -21,7 +21,7 @@ __sshd_defaults:
     - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     - LC_IDENTIFICATION LC_ALL LANGUAGE
     - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_crypto_policy: true
 __sshd_hostkey_group: ssh_keys

vars/FreeBSD.yml

@@ -1,7 +1,7 @@
 ---
 __sshd_config_group: wheel
 __sshd_config_mode: "0644"
-sshd_sftp_server: /usr/libexec/sftp-server
+__sshd_sftp_server: /usr/libexec/sftp-server
 __sshd_defaults:
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes

vars/Gentoo.yml

@@ -1,9 +1,9 @@
 ---
-sshd_packages:
+__sshd_packages:
   - net-misc/openssh
-sshd_sftp_server: /usr/lib64/misc/sftp-server
+__sshd_sftp_server: /usr/lib64/misc/sftp-server
 __sshd_defaults:
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   # Replace tcp keepalive with unspoofable keepalive
   TCPKeepAlive: no
   ClientAliveInterval: 300

vars/OpenBSD.yml

@@ -1,9 +1,9 @@
 ---
 __sshd_config_group: wheel
 __sshd_config_mode: "0600"
-sshd_sftp_server: /usr/libexec/sftp-server
+__sshd_sftp_server: /usr/libexec/sftp-server
 __sshd_defaults:
   AuthorizedKeysFile: .ssh/authorized_keys
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_manage_var_run: no

vars/RedHat_6.yml

@@ -1,8 +1,8 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key
@@ -19,7 +19,7 @@ __sshd_defaults:
     - LC_IDENTIFICATION LC_ALL LANGUAGE
     - XMODIFIERS
   X11Forwarding: yes
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_use_strong_rng: true
 __sshd_compat_match_all: Match address *

vars/RedHat_7.yml

@@ -1,8 +1,8 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key
@@ -24,7 +24,7 @@ __sshd_defaults:
     - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     - LC_IDENTIFICATION LC_ALL LANGUAGE
     - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_use_strong_rng: true
 __sshd_hostkey_group: ssh_keys

vars/RedHat_8.yml

@@ -1,8 +1,8 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key
@@ -25,7 +25,7 @@ __sshd_defaults:
     - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     - LC_IDENTIFICATION LC_ALL LANGUAGE
     - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_sysconfig_supports_use_strong_rng: true
 __sshd_sysconfig_supports_crypto_policy: true

vars/RedHat_9.yml

@@ -1,10 +1,10 @@
 ---
 __sshd_os_supported: yes
 
-sshd_packages:
+__sshd_packages:
   - openssh
   - openssh-server
-sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
 # RHEL 9 ships with drop-in directory support so we touch
 # just included file with highest priority by default
 __sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf

vars/Suse.yml

@@ -1,7 +1,7 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
-sshd_sftp_server: /usr/lib/ssh/sftp-server
+__sshd_sftp_server: /usr/lib/ssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key
@@ -20,5 +20,5 @@ __sshd_defaults:
     - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     - LC_IDENTIFICATION LC_ALL LANGUAGE
     - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes

vars/Ubuntu_12.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
 __sshd_config_mode: "0644"
 __sshd_defaults:
@@ -31,6 +31,6 @@ __sshd_defaults:
   PrintLastLog: yes
   TCPKeepAlive: yes
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes

vars/Ubuntu_14.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -33,6 +33,6 @@ __sshd_defaults:
   PrintLastLog: yes
   TCPKeepAlive: yes
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
 __sshd_os_supported: yes

vars/Ubuntu_16.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -34,7 +34,7 @@ __sshd_defaults:
   PrintLastLog: yes
   TCPKeepAlive: yes
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
   UsePAM: yes
   UseDNS: no
 __sshd_os_supported: yes

vars/Ubuntu_18.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"
@@ -11,6 +11,6 @@ __sshd_defaults:
   X11Forwarding: yes
   PrintMotd: no
   AcceptEnv: LANG LC_*
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes
 __sshd_runtime_directory: /run/sshd

vars/Ubuntu_20.yml

@@ -1,6 +1,6 @@
 ---
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 __sshd_config_mode: "0644"

vars/Ubuntu_22.yml

@@ -1,8 +1,8 @@
 ---
 __sshd_os_supported: yes
 
-sshd_service: ssh
-sshd_packages:
+__sshd_service: ssh
+__sshd_packages:
   - openssh-server
   - openssh-sftp-server
 # Ubuntu 22.04 finally ships with drop-in directory support so we touch

vars/common.yml

@@ -4,3 +4,7 @@ __sshd_skip_virt_env:
   - container
   - containerd
   - VirtualPC
+
+__sshd_binary: /usr/sbin/sshd
+__sshd_service: sshd
+__sshd_sftp_server: /usr/lib/openssh/sftp-server

vars/openSUSE Leap_15.yml

@@ -1,7 +1,7 @@
 ---
-sshd_packages:
+__sshd_packages:
   - openssh
-sshd_sftp_server: /usr/lib/ssh/sftp-server
+__sshd_sftp_server: /usr/lib/ssh/sftp-server
 __sshd_defaults:
   AuthorizedKeysFile: .ssh/authorized_keys
   UsePAM: yes
@@ -10,5 +10,5 @@ __sshd_defaults:
     - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
     - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
     - LC_IDENTIFICATION LC_ALL
-  Subsystem: "sftp {{ sshd_sftp_server }}"
+  Subsystem: "sftp {{ __sshd_sftp_server }}"
 __sshd_os_supported: yes