Merge pull request #135 from Jakuje/cleanup

Cleanup lint issues, update documentation, fix typos

.github/workflows/ansible-lint.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Lint Ansible Playbook
         uses: ansible/ansible-lint-action@master
         with:
-        targets: "tests/test_*.yml"
+          targets: "tests/test_*.yml
           override-deps: |
             ansible==2.9
           args: ""
@@ -36,3 +36,4 @@ jobs:
           override-deps: |
             ansible==2.10
           args: ""
+

README.md

@@ -21,18 +21,18 @@ before using in production!
 Ubuntu. This is not the default assigned by this module - it will set
 `PermitRootLogin without-password` which will allow access via SSH key but not
 via simple password. If you need this functionality, be sure to set
-`ssh_PermitRootLogin yes` for those hosts.
+`sshd_PermitRootLogin yes` for those hosts.
 
 Requirements
 ------------
 
 Tested on:
 
-* Ubuntu precise, trusty
+* Ubuntu precise, trusty, xenial, bionic, focal
-* Debian wheezy, jessie
+* Debian wheezy, jessie, stretch, buster
 * FreeBSD 10.1
-* EL 6,7 derived distributions
+* EL 6, 7, 8 derived distributions
-* Fedora 22, 23
+* Fedora 31, 32, 33
 * OpenBSD 6.0
 * AIX 7.1, 7.2
 
@@ -97,7 +97,7 @@ sshd:
     - 0.0.0.0
 ```
 
-* `ssh_...`
+* `sshd_...`
 
 Simple variables can be used rather than a dict. Simple values override dict
 values. e.g.:

defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 ### USER OPTIONS
-# Set to False to disable this role completely
+# Set to false to disable this role completely
-sshd_enable: True
+sshd_enable: true
 
 # Don't apply OS defaults when set to true
 sshd_skip_defaults: false
@@ -21,7 +21,7 @@ sshd_service_template_socket: sshd.socket.j2
 sshd_allow_reload: true
 
 # If the below is true, create a backup of the config file when the template is copied
-sshd_backup: false
+sshd_backup: true
 
 # Empty dicts to avoid errors
 sshd: {}

meta/main.yml

@@ -29,8 +29,9 @@ galaxy_info:
         - 8
     - name: Fedora
       versions:
-    - 22
+        - 31
-    - 23
+        - 32
+        - 33
     - name: OpenBSD
       versions:
         - 6.0

vars/AIX.yml

@@ -1,6 +1,8 @@
 ---
 __sshd_config_mode: '0644'
-__sshd_packages: [ ] # sshd is not installed by yum / AIX toolbox for Linux.  You'll need to manually install them using AIX Web Download Packs.
+# sshd is not installed by yum / AIX toolbox for Linux.
+# You'll need to manually install them using AIX Web Download Packs.
+__sshd_packages: []
 __sshd_sftp_server: /usr/sbin/sftp-server
 __sshd_config_group: system
 __sshd_defaults:

vars/Fedora.yml

@@ -3,23 +3,9 @@ __sshd_packages:
   - openssh
   - openssh-server
 __sshd_sftp_server: /usr/libexec/openssh/sftp-server
+# Fedora 32 ships with drop-in directory support so we touch
+# just included file with highest priority by default and have
+# empty defaults
+__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
 __sshd_defaults:
-  HostKey:
-    - /etc/ssh/ssh_host_rsa_key
-    - /etc/ssh/ssh_host_ecdsa_key
-    - /etc/ssh/ssh_host_ed25519_key
-  SyslogFacility: AUTHPRIV
-  AuthorizedKeysFile: .ssh/authorized_keys
-  PasswordAuthentication: yes
-  ChallengeResponseAuthentication: no
-  GSSAPIAuthentication: yes
-  GSSAPICleanupCredentials: no
-  UsePAM: yes
-  X11Forwarding: yes
-  AcceptEnv:
-    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-    - LC_IDENTIFICATION LC_ALL LANGUAGE
-    - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes

vars/Fedora_31.yml

@@ -0,0 +1,25 @@
+---
+__sshd_packages:
+  - openssh
+  - openssh-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_defaults:
+  HostKey:
+    - /etc/ssh/ssh_host_rsa_key
+    - /etc/ssh/ssh_host_ecdsa_key
+    - /etc/ssh/ssh_host_ed25519_key
+  SyslogFacility: AUTHPRIV
+  AuthorizedKeysFile: .ssh/authorized_keys
+  PasswordAuthentication: yes
+  ChallengeResponseAuthentication: no
+  GSSAPIAuthentication: yes
+  GSSAPICleanupCredentials: no
+  UsePAM: yes
+  X11Forwarding: yes
+  AcceptEnv:
+    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+    - LC_IDENTIFICATION LC_ALL LANGUAGE
+    - XMODIFIERS
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+__sshd_os_supported: yes

vars/RedHat_7.yml

@@ -13,9 +13,9 @@ __sshd_defaults:
   PasswordAuthentication: yes
   ChallengeResponseAuthentication: no
   GSSAPIAuthentication: yes
-  GSSAPICleanupCredentials: yes
+  GSSAPICleanupCredentials: no
-# Note that UsePAM: no is not supported under RHEL/CentOS. See
+  # Note that UsePAM: no is not supported under RHEL/CentOS. See
-# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
+  # https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
   UsePAM: yes
   X11Forwarding: yes
   UsePrivilegeSeparation: sandbox

vars/RedHat_8.yml

@@ -14,8 +14,8 @@ __sshd_defaults:
   ChallengeResponseAuthentication: no
   GSSAPIAuthentication: yes
   GSSAPICleanupCredentials: no
-# Note that UsePAM: no is not supported under RHEL/CentOS. See
+  # Note that UsePAM: no is not supported under RHEL/CentOS. See
-# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
+  # https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
   UsePAM: yes
   X11Forwarding: yes
   PrintMotd: no