Skip defaults when appending configuration

README.md

@@ -53,7 +53,8 @@ If set to *false*, the role will be completely disabled. Defaults to *true*.
 
 If set to *true*, don't apply default values. This means that you must have a
 complete set of configuration defaults via either the `sshd` dict, or
-`sshd_Key` variables. Defaults to *false*.
+`sshd_Key` variables. Defaults to *false* unless `sshd_namespace_append` is
+set.
 
 * `sshd_manage_service`
 
@@ -161,7 +162,8 @@ This is useful mostly when generating configuration snippets to Include.
 By default (*null*), the role defines whole content of the configuration file
 including system defaults. You can use this variable to invoke this role from
 other roles or from multiple places in a single playbook on systems that do not
-support drop-in directory.
+support drop-in directory. The `sshd_skip_defaults` is ignored and no system
+defaults are used in this case.
 
 When this variable is set, the role places the configuration that you specify
 to configuration snippets in a existing configuration file under the given
@@ -301,6 +303,33 @@ for example:
             X11Forwarding: yes
 ```
 
+You can just append a configuration snippet with the `sshd_namespace_append`
+option:
+```
+---
+- hosts: all
+  tasks:
+  - name: Configure sshd to accept some useful environment variables
+    include_role:
+      name: ansible-sshd
+    vars:
+      sshd_namespace_append: accept-env
+      sshd:
+        # there are some handy environment variables to accept
+        AcceptEnv:
+          LANG
+          LS_COLORS
+          EDITOR
+```
+The following snippet will be appended to the default configuration file:
+```
+# BEGIN sshd system role managed block: namespace accept-env
+Match all
+  AcceptEnv LANG LS_COLORS EDITOR
+# END sshd system role managed block: namespace accept-env
+```
+
+
 More example playbooks can be found in [`examples/`](examples/) directory.
 
 Template Generation

examples/example-accept-env.yml

@@ -6,7 +6,6 @@
       name: ansible-sshd
     vars:
       sshd_namespace_append: accept-env
-      sshd_skip_defaults: true
       sshd:
         # there are some handy environment variables to accept
         AcceptEnv:

tasks/install.yml

@@ -119,6 +119,8 @@
       when: sshd_namespace_append is none
 
     - name: Update configuration file snippet
+      vars:
+        sshd_skip_defaults: true
       blockinfile:
         path: "{{ sshd_config_file }}"
         owner: "{{ sshd_config_owner }}"

tests/tests_namespace_append.yml

@@ -12,7 +12,6 @@
         name: ansible-sshd
       vars:
         sshd_config_file: /etc/ssh/sshd_config
-        sshd_skip_defaults: true
         sshd_namespace_append: nm1
         sshd:
           AcceptEnv: EDITOR
@@ -26,7 +25,6 @@
         name: ansible-sshd
       vars:
         sshd_config_file: /etc/ssh/sshd_config
-        sshd_skip_defaults: true
         sshd_namespace_append: nm2
         sshd:
           AcceptEnv: LS_COLORS