mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-23 00:50:18 +01:00
Moves internal non-overridable variables out of defaults
This commit is contained in:
parent
d5b2f8df02
commit
db39a733aa
8 changed files with 43 additions and 52 deletions
|
@ -37,7 +37,6 @@ sshd_sysconfig_override_crypto_policy: false
|
|||
# generator
|
||||
sshd_sysconfig_use_strong_rng: 0
|
||||
|
||||
|
||||
# Empty dicts to avoid errors
|
||||
sshd: {}
|
||||
|
||||
|
@ -47,7 +46,9 @@ sshd_config_file: "{{ __sshd_config_file }}"
|
|||
|
||||
### VARS DEFAULTS
|
||||
### The following are defaults for OS specific configuration in var files in
|
||||
### this role. They should not be set directly by role users.
|
||||
### this role. They should not be set directly by role users, unless they know
|
||||
### what they are doing, e.g. installing extra packages or installing an
|
||||
### alternative SystemD service file
|
||||
sshd_packages: "{{ __sshd_packages }}"
|
||||
sshd_config_owner: "{{ __sshd_config_owner }}"
|
||||
sshd_config_group: "{{ __sshd_config_group }}"
|
||||
|
@ -62,10 +63,7 @@ sshd_sftp_server: "{{ __sshd_sftp_server }}"
|
|||
# configuration or restarting), we make sure the keys exist and have correct
|
||||
# permissions. To disable this check, set sshd_verify_hostkeys to false
|
||||
sshd_verify_hostkeys: "auto"
|
||||
# The list of hostkeys to check when there are none listed in configuration file.
|
||||
# This is usually the case when the selection is up to the OpenSSH defaults or
|
||||
# drop-in directory is used.
|
||||
__sshd_verify_hostkeys_default: []
|
||||
|
||||
sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
|
||||
sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
|
||||
sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
|
||||
|
@ -73,19 +71,3 @@ sshd_hostkey_mode: "{{ __sshd_hostkey_mode }}"
|
|||
# instead of replacing the whole configuration file, just add a specified
|
||||
# snippet
|
||||
sshd_config_namespace: null
|
||||
|
||||
### These variables are used by role internals and should not be used.
|
||||
__sshd_defaults: {}
|
||||
__sshd_os_supported: no
|
||||
__sshd_sysconfig_supports_crypto_policy: false
|
||||
__sshd_sysconfig_supports_use_strong_rng: false
|
||||
|
||||
__sshd_runtime_directory: false
|
||||
__sshd_runtime_directory_mode: "0755"
|
||||
|
||||
# If the system supports drop-in directory, it is configured in this variable. It is used
|
||||
# to distinguish if we are writing a configuration snippet or we should write defaults.
|
||||
__sshd_drop_in_dir: false
|
||||
# this is the path to the main sshd_config which is checked for Include directive when
|
||||
# drop-in directory is used
|
||||
__sshd_main_config_file: false
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Ensure ansible_facts used by role
|
||||
ansible.builtin.setup:
|
||||
gather_subset: min
|
||||
when: not ansible_facts.keys() | list |
|
||||
intersect(__sshd_required_facts) == __sshd_required_facts
|
||||
|
||||
- name: Include common vars
|
||||
ansible.builtin.include_vars: vars/common.yml
|
|
@ -1,7 +1,4 @@
|
|||
---
|
||||
- name: Set common variables and ensure basic facts are gathered
|
||||
ansible.builtin.include_tasks: set_common_vars.yml
|
||||
|
||||
- name: Set platform/version specific variables
|
||||
ansible.builtin.include_tasks: variables.yml
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
- name: Set common vars
|
||||
ansible.builtin.include_vars: vars/common.yml
|
||||
- name: Ensure ansible_facts used by role
|
||||
ansible.builtin.setup:
|
||||
gather_subset: min
|
||||
when: not ansible_facts.keys() | list |
|
||||
intersect(__sshd_required_facts) == __sshd_required_facts
|
||||
|
||||
- name: Set OS dependent variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
|
@ -24,7 +27,7 @@
|
|||
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_distribution }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
- default.yml
|
||||
- main.yml # fallback, vars/main.yml is always loaded by Ansible
|
||||
paths:
|
||||
- "{{ role_path }}/vars"
|
||||
- "{{ playbook_dir }}/vars"
|
||||
|
|
|
@ -26,10 +26,8 @@
|
|||
- __sshd_test_backup.path is defined
|
||||
|
||||
- name: Include common variables
|
||||
ansible.builtin.include_role:
|
||||
name: ansible-sshd
|
||||
tasks_from: set_common_vars.yml
|
||||
public: true
|
||||
ansible.builtin.include_vars:
|
||||
file: ../../vars/main.yml
|
||||
|
||||
- name: Restart sshd service
|
||||
ansible.builtin.service:
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
__sshd_skip_virt_env:
|
||||
- docker
|
||||
- podman
|
||||
- container
|
||||
- containerd
|
||||
- VirtualPC
|
||||
|
||||
__sshd_binary: /usr/sbin/sshd
|
||||
__sshd_service: sshd
|
||||
__sshd_sftp_server: /usr/lib/openssh/sftp-server
|
|
@ -1 +0,0 @@
|
|||
---
|
|
@ -14,3 +14,34 @@ __sshd_required_facts:
|
|||
- distribution
|
||||
- distribution_major_version
|
||||
- os_family
|
||||
|
||||
__sshd_skip_virt_env:
|
||||
- docker
|
||||
- podman
|
||||
- container
|
||||
- containerd
|
||||
- VirtualPC
|
||||
|
||||
__sshd_binary: /usr/sbin/sshd
|
||||
__sshd_service: sshd
|
||||
__sshd_sftp_server: /usr/lib/openssh/sftp-server
|
||||
|
||||
__sshd_defaults: {}
|
||||
__sshd_os_supported: no
|
||||
__sshd_sysconfig_supports_crypto_policy: false
|
||||
__sshd_sysconfig_supports_use_strong_rng: false
|
||||
|
||||
__sshd_runtime_directory: false
|
||||
__sshd_runtime_directory_mode: "0755"
|
||||
|
||||
# If the system supports drop-in directory, it is configured in this variable. It is used
|
||||
# to distinguish if we are writing a configuration snippet or we should write defaults.
|
||||
__sshd_drop_in_dir: false
|
||||
# this is the path to the main sshd_config which is checked for Include directive when
|
||||
# drop-in directory is used
|
||||
__sshd_main_config_file: false
|
||||
|
||||
# The list of hostkeys to check when there are none listed in configuration file.
|
||||
# This is usually the case when the selection is up to the OpenSSH defaults or
|
||||
# drop-in directory is used.
|
||||
__sshd_verify_hostkeys_default: []
|
||||
|
|
Loading…
Reference in a new issue