--- - name: Ensure apt sources are up to date on debian systems ansible.builtin.apt: update_cache: true when: - ansible_facts['distribution'] == 'Debian' - name: Determine if system is ostree and set flag when: not __sshd_is_ostree is defined block: - name: Check if system is ostree ansible.builtin.stat: path: /run/ostree-booted register: __ostree_booted_stat - name: Set flag to indicate system is ostree ansible.builtin.set_fact: __sshd_is_ostree: "{{ __ostree_booted_stat.stat.exists }}" - name: Ensure test users exist on ostree systems ansible.builtin.shell: | if ! grep -q ^nobody /etc/passwd && grep -q ^nobody /usr/lib/passwd; then grep ^nobody /usr/lib/passwd >> /etc/passwd fi if ! grep -q ^nobody /etc/group && grep -q ^nobody /usr/lib/group; then grep ^nobody /usr/lib/group >> /etc/group fi when: __sshd_is_ostree | d(false) changed_when: true - name: Make sure openssh is installed before creating backup ansible.builtin.package: name: openssh-server state: present use: "{{ (__sshd_is_ostree | d(false)) | ternary('ansible.posix.rhel_rpm_ostree', omit) }}" - name: Make sure openssh has runtime directory on debian ansible.builtin.file: path: /run/sshd state: directory owner: root group: root mode: "0755" when: - ansible_facts['os_family'] == 'Debian' - name: Define common variables ansible.builtin.set_fact: main_sshd_config: /etc/ssh/sshd_config main_sshd_config_name: sshd_config main_sshd_config_path: /etc/ssh/ - name: Define specific variables ansible.builtin.set_fact: main_sshd_config: /etc/ssh/sshd_config.d/00-ansible_system_role.conf main_sshd_config_name: 00-ansible_system_role.conf main_sshd_config_path: /etc/ssh/sshd_config.d/ when: - (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version']|int > 8) or (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version']|int >= 22)