ansible-sshd/tasks/install_config.yml
Jakub Jelen e83cb52ded fix: Document and streamline the sshd_main_config_file
The option was introduced in 6bb0d7b456
without documentation and intended use. The recent change
f6ae2094fe propagated this option to the
generated service files, which produced unexpected results when a user set only
`sshd_config_file` for a second sshd service: the generated service file then
pointed at the system-wide configuration file instead of the intended one.

This is an attempt to fix this by introducing some heuristics to guess
if the user wants to set up second drop-in directory (ending with .d)
or create a standalone configuration file.

Fixes: #280
2024-04-05 09:29:10 +02:00


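---
# Runs only when sshd_config_file sits in the "<main config>.d" directory of a
# known main config, i.e. the user asked for a drop-in snippet rather than a
# standalone configuration file (the same test gates the Include line below).
- name: Create a directory for drop-in configuration snippets
  ansible.builtin.file:
    path: "{{ sshd_config_file | dirname }}"
    state: directory
    # Keep ownership consistent with the snippet written into it: sshd pulls
    # every *.conf in this directory in via the Include added below, so a
    # directory owned or writable by anyone other than the config owner would
    # let that party inject sshd directives.
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    mode: "{{ sshd_drop_in_dir_mode }}"
  when:
    - sshd_main_config_file is not none
    - sshd_config_file | dirname == sshd_main_config_file ~ '.d'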
# Render the sshd configuration to sshd_config_file; this is either a drop-in
# snippet in the directory created above or a standalone config, depending on
# what the user set. Validation runs before the file is moved into place.
- name: Create the complete configuration file
  ansible.builtin.template:
    src: sshd_config.j2
    dest: "{{ sshd_config_file }}"
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    mode: "{{ sshd_config_mode }}"
    # %s is the temporary copy Ansible hands to the validate command.
    # On sshd builds flagged as not supporting validation, `true %s` always
    # succeeds, so the file is installed unchecked and the reload handler
    # fires regardless -- a syntax error there is only caught by sshd itself.
    # The -h branch points -t at a test host key (path from sshd_test_hostkey);
    # presumably so validation works before real host keys exist -- confirm
    # against wherever sshd_test_hostkey is set.
    validate: >-
      {% if not __sshd_supports_validate %}
      true %s
      {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
      {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
      {% else %}
      {{ sshd_binary }} -t -f %s
      {% endif %}
    backup: "{{ sshd_backup }}"
  # Handler defined outside this file.
  notify: reload_sshd
# Drop-in case only: make the main sshd_config include every *.conf in the
# drop-in directory. The glob pulls in all files there, not just the one this
# role wrote, so the directory's ownership and mode matter.
- name: Make sure the include path is present in the main sshd_config
  ansible.builtin.lineinfile:
    # Inserted at the top of the file when the exact line is absent --
    # NOTE(review): presumably so the Include precedes any Match block; a
    # pre-existing Include line elsewhere in the file is left where it is.
    insertbefore: BOF
    line: "Include {{ sshd_config_file | dirname }}/*.conf"
    path: "{{ sshd_main_config_file }}"
    # Ownership and mode of the *main* config are set from the same variables
    # as the drop-in file.
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    mode: "{{ sshd_config_mode }}"
    # Same validation as for the rendered file: %s is Ansible's temporary
    # copy, and `true %s` means no check when validation is unsupported.
    validate: >-
      {% if not __sshd_supports_validate %}
      true %s
      {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
      {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
      {% else %}
      {{ sshd_binary }} -t -f %s
      {% endif %}
    backup: "{{ sshd_backup }}"
  # Handler defined outside this file.
  notify: reload_sshd
  # Mirrors the condition on the directory task: only when sshd_config_file
  # is a snippet under "<main config>.d".
  when:
    - sshd_main_config_file is not none
    - sshd_config_file | dirname == sshd_main_config_file ~ '.d'