Merge pull request #135 from Jakuje/cleanup

Cleanup lint issues, update documentation, fix typos
2024-09-19 23:11:32 +02:00 · 2020-09-23 21:28:53 +01:00 · 2020-09-23 21:28:53 +01:00 · b598348356
commit b598348356
parent 5317dd72cb 12e8b0aebc
12 changed files with 123 additions and 108 deletions
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@ -21,7 +21,7 @@ jobs:
      - name: Lint Ansible Playbook
        uses: ansible/ansible-lint-action@master
        with:
-        targets: "tests/test_*.yml"
+          targets: "tests/test_*.yml
          override-deps: |
            ansible==2.9
          args: ""
@ -36,3 +36,4 @@ jobs:
          override-deps: |
            ansible==2.10
          args: ""
+
--- a/README.md
+++ b/README.md
@ -21,18 +21,18 @@ before using in production!
 Ubuntu. This is not the default assigned by this module - it will set
 `PermitRootLogin without-password` which will allow access via SSH key but not
 via simple password. If you need this functionality, be sure to set
-`ssh_PermitRootLogin yes` for those hosts.
+`sshd_PermitRootLogin yes` for those hosts.

 Requirements
 ------------

 Tested on:

-* Ubuntu precise, trusty
-* Debian wheezy, jessie
+* Ubuntu precise, trusty, xenial, bionic, focal
+* Debian wheezy, jessie, stretch, buster
 * FreeBSD 10.1
-* EL 6,7 derived distributions
-* Fedora 22, 23
+* EL 6, 7, 8 derived distributions
+* Fedora 31, 32, 33
 * OpenBSD 6.0
 * AIX 7.1, 7.2

@ -97,7 +97,7 @@ sshd:
    - 0.0.0.0
 ```

-* `ssh_...`
+* `sshd_...`

 Simple variables can be used rather than a dict. Simple values override dict
 values. e.g.:
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,7 +1,7 @@
 ---
 ### USER OPTIONS
-# Set to False to disable this role completely
-sshd_enable: True
+# Set to false to disable this role completely
+sshd_enable: true

 # Don't apply OS defaults when set to true
 sshd_skip_defaults: false
@ -21,7 +21,7 @@ sshd_service_template_socket: sshd.socket.j2
 sshd_allow_reload: true

 # If the below is true, create a backup of the config file when the template is copied
-sshd_backup: false
+sshd_backup: true

 # Empty dicts to avoid errors
 sshd: {}
--- a/meta/main.yml
+++ b/meta/main.yml
@ -29,8 +29,9 @@ galaxy_info:
        - 8
    - name: Fedora
      versions:
-    - 22
-    - 23
+        - 31
+        - 32
+        - 33
    - name: OpenBSD
      versions:
        - 6.0
--- a/vars/AIX.yml
+++ b/vars/AIX.yml
@ -1,6 +1,8 @@
 ---
 __sshd_config_mode: '0644'
-__sshd_packages: [ ] # sshd is not installed by yum / AIX toolbox for Linux.  You'll need to manually install them using AIX Web Download Packs.
+# sshd is not installed by yum / AIX toolbox for Linux.
+# You'll need to manually install them using AIX Web Download Packs.
+__sshd_packages: []
 __sshd_sftp_server: /usr/sbin/sftp-server
 __sshd_config_group: system
 __sshd_defaults:
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@ -3,23 +3,9 @@ __sshd_packages:
  - openssh
  - openssh-server
 __sshd_sftp_server: /usr/libexec/openssh/sftp-server
+# Fedora 32 ships with drop-in directory support so we touch
+# just included file with highest priority by default and have
+# empty defaults
+__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
 __sshd_defaults:
-  HostKey:
-    - /etc/ssh/ssh_host_rsa_key
-    - /etc/ssh/ssh_host_ecdsa_key
-    - /etc/ssh/ssh_host_ed25519_key
-  SyslogFacility: AUTHPRIV
-  AuthorizedKeysFile: .ssh/authorized_keys
-  PasswordAuthentication: yes
-  ChallengeResponseAuthentication: no
-  GSSAPIAuthentication: yes
-  GSSAPICleanupCredentials: no
-  UsePAM: yes
-  X11Forwarding: yes
-  AcceptEnv:
-    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-    - LC_IDENTIFICATION LC_ALL LANGUAGE
-    - XMODIFIERS
-  Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes
--- a/vars/Fedora_31.yml
+++ b/vars/Fedora_31.yml
@ -0,0 +1,25 @@
+---
+__sshd_packages:
+  - openssh
+  - openssh-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_defaults:
+  HostKey:
+    - /etc/ssh/ssh_host_rsa_key
+    - /etc/ssh/ssh_host_ecdsa_key
+    - /etc/ssh/ssh_host_ed25519_key
+  SyslogFacility: AUTHPRIV
+  AuthorizedKeysFile: .ssh/authorized_keys
+  PasswordAuthentication: yes
+  ChallengeResponseAuthentication: no
+  GSSAPIAuthentication: yes
+  GSSAPICleanupCredentials: no
+  UsePAM: yes
+  X11Forwarding: yes
+  AcceptEnv:
+    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+    - LC_IDENTIFICATION LC_ALL LANGUAGE
+    - XMODIFIERS
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+__sshd_os_supported: yes
--- a/vars/RedHat_7.yml
+++ b/vars/RedHat_7.yml
@ -13,7 +13,7 @@ __sshd_defaults:
  PasswordAuthentication: yes
  ChallengeResponseAuthentication: no
  GSSAPIAuthentication: yes
-  GSSAPICleanupCredentials: yes
+  GSSAPICleanupCredentials: no
  # Note that UsePAM: no is not supported under RHEL/CentOS. See
  # https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
  UsePAM: yes