Use proper variable precedence for configuratil file variables

2024-11-22 11:00:19 +01:00 · 2021-06-02 12:03:28 +02:00 · 2021-06-02 12:03:28 +02:00 · e8b751335e
commit e8b751335e
parent 17022bb46d
15 changed files with 21 additions and 21 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -43,15 +43,15 @@ sshd: {}

 # The path to sshd_config file. This is useful when creating an included
 # configuration file snippet or configuring second sshd service
-sshd_config_file: /etc/ssh/sshd_config
+sshd_config_file: "{{ __sshd_config_file | default('/etc/ssh/sshd_config') }}"

 ### VARS DEFAULTS
 ### The following are defaults for OS specific configuration in var files in
 ### this role. They should not be set directly by role users.
 sshd_packages: []
-sshd_config_owner: root
-sshd_config_group: root
-sshd_config_mode: "0600"
+sshd_config_owner: "{{ __sshd_config_owner | default('root') }}"
+sshd_config_group: "{{ __sshd_config_group | default('root') }}"
+sshd_config_mode: "{{ __sshd_config_mode | default('0600') }}"
 sshd_binary: /usr/sbin/sshd
 sshd_service: sshd
 sshd_sftp_server: /usr/lib/openssh/sftp-server
--- a/vars/AIX.yml
+++ b/vars/AIX.yml
@ -1,10 +1,10 @@
 ---
-sshd_config_mode: '0644'
+__sshd_config_mode: '0644'
 # sshd is not installed by yum / AIX toolbox for Linux.
 # You'll need to manually install them using AIX Web Download Packs.
 sshd_packages: []
 sshd_sftp_server: /usr/sbin/sftp-server
-sshd_config_group: system
+__sshd_config_group: system
 __sshd_defaults:
  Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes
--- a/vars/Amazon.yml
+++ b/vars/Amazon.yml
@ -1,5 +1,5 @@
 ---
-sshd_config_mode: '0644'
+__sshd_config_mode: '0644'
 sshd_packages:
  - openssh
  - openssh-server
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@ -2,7 +2,7 @@
 sshd_service: ssh
 sshd_packages:
  - openssh-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  Port: 22
  Protocol: 2
--- a/vars/Debian_10.yml
+++ b/vars/Debian_10.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  ChallengeResponseAuthentication: no
  X11Forwarding: yes
--- a/vars/Debian_8.yml
+++ b/vars/Debian_8.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  Port: 22
  Protocol: 2
--- a/vars/Debian_9.yml
+++ b/vars/Debian_9.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  ChallengeResponseAuthentication: no
  X11Forwarding: yes
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@ -6,7 +6,7 @@ sshd_sftp_server: /usr/libexec/openssh/sftp-server
 # Fedora 32 ships with drop-in directory support so we touch
 # just included file with highest priority by default and have
 # empty defaults
-sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
 __sshd_defaults:
 __sshd_os_supported: yes
 __sshd_hostkey_group: ssh_keys
--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@ -1,6 +1,6 @@
 ---
-sshd_config_group: wheel
-sshd_config_mode: "0644"
+__sshd_config_group: wheel
+__sshd_config_mode: "0644"
 sshd_sftp_server: /usr/libexec/sftp-server
 __sshd_defaults:
  Subsystem: "sftp {{ sshd_sftp_server }}"
--- a/vars/OpenBSD.yml
+++ b/vars/OpenBSD.yml
@ -1,6 +1,6 @@
 ---
-sshd_config_group: wheel
-sshd_config_mode: "0600"
+__sshd_config_group: wheel
+__sshd_config_mode: "0600"
 sshd_sftp_server: /usr/libexec/sftp-server
 __sshd_defaults:
  AuthorizedKeysFile: .ssh/authorized_keys
--- a/vars/Ubuntu_12.yml
+++ b/vars/Ubuntu_12.yml
@ -2,7 +2,7 @@
 sshd_service: ssh
 sshd_packages:
  - openssh-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  Port: 22
  Protocol: 2
--- a/vars/Ubuntu_14.yml
+++ b/vars/Ubuntu_14.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  Port: 22
  Protocol: 2
--- a/vars/Ubuntu_16.yml
+++ b/vars/Ubuntu_16.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  Port: 22
  Protocol: 2
--- a/vars/Ubuntu_18.yml
+++ b/vars/Ubuntu_18.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  PasswordAuthentication: no
  ChallengeResponseAuthentication: no
--- a/vars/Ubuntu_20.yml
+++ b/vars/Ubuntu_20.yml
@ -3,7 +3,7 @@ sshd_service: ssh
 sshd_packages:
  - openssh-server
  - openssh-sftp-server
-sshd_config_mode: "0644"
+__sshd_config_mode: "0644"
 __sshd_defaults:
  ChallengeResponseAuthentication: no
  UsePAM: yes