mirror of
https://github.com/willshersystems/ansible-sshd
synced 2025-01-09 08:50:17 +01:00
e83cb52ded
The option was introduced in 6bb0d7b456 without documentation and intended use. The recent change f6ae2094fe propagated this option to the generated service files, which produces unexpected results when a user sets only `sshd_config_file` for the second sshd service: the service file then points to the system-wide configuration file. This is an attempt to fix this by introducing some heuristics to guess whether the user wants to set up a second drop-in directory (ending with .d) or create a standalone configuration file. Fixes: #280
---
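# Prepare the drop-in directory. The task runs only when sshd_config_file
# sits directly inside "<sshd_main_config_file>.d"; in every other case it is
# skipped and no directory is created here.
- name: Create a directory for drop-in configuration snippets
  ansible.builtin.file:
    path: "{{ sshd_config_file | dirname }}"
    state: directory
    # Pin ownership as well as the mode. Files in this directory are pulled
    # into sshd's configuration through an Include line, so the directory
    # gets the same owner and group as the configuration files instead of
    # whatever a pre-existing directory or the connecting user would leave.
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    mode: "{{ sshd_drop_in_dir_mode }}"
  when:
    - sshd_main_config_file is not none
    # The filter binds tighter than "~", and "~" tighter than "==", so this
    # compares dirname(sshd_config_file) with sshd_main_config_file + ".d".
    - sshd_config_file | dirname == sshd_main_config_file ~ '.d'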
# Render sshd_config.j2 to sshd_config_file and notify the reload handler.
- name: Create the complete configuration file
  ansible.builtin.template:
    dest: "{{ sshd_config_file }}"
    src: sshd_config.j2
    mode: "{{ sshd_config_mode }}"
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    backup: "{{ sshd_backup }}"
    # The rendered file is checked before it replaces the destination; %s is
    # the path of the temporary copy. Three cases:
    #   * __sshd_supports_validate is false: "true %s" always succeeds, so
    #     NO syntax check happens and a broken file would be installed.
    #   * sshd_test_hostkey.path is defined: "sshd -t" runs with the rsa_key
    #     from that directory passed via -h (presumably so the check does not
    #     depend on the host's own keys; confirm against the calling tasks).
    #   * otherwise: plain "sshd -t -f %s".
    validate: >-
      {% if not __sshd_supports_validate %}
        true %s
      {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
        {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
      {% else %}
        {{ sshd_binary }} -t -f %s
      {% endif %}
  notify: reload_sshd
# Wire the drop-in directory into the main configuration file. Same guard as
# the directory task: skipped unless sshd_config_file lives in
# "<sshd_main_config_file>.d".
- name: Make sure the include path is present in the main sshd_config
  ansible.builtin.lineinfile:
    path: "{{ sshd_main_config_file }}"
    line: "Include {{ sshd_config_file | dirname }}/*.conf"
    # Inserted at the very top of the file. sshd keeps the first value it
    # reads for most keywords, so an Include placed first lets the drop-in
    # snippets take precedence over settings later in the main file.
    insertbefore: BOF
    owner: "{{ sshd_config_owner }}"
    group: "{{ sshd_config_group }}"
    mode: "{{ sshd_config_mode }}"
    backup: "{{ sshd_backup }}"
    # The edited main file is validated before it is written back (%s is the
    # temporary copy). When __sshd_supports_validate is false the command is
    # "true %s", which always succeeds, so no syntax check is performed.
    validate: >-
      {% if not __sshd_supports_validate %}
        true %s
      {% elif sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %}
        {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key
      {% else %}
        {{ sshd_binary }} -t -f %s
      {% endif %}
  when:
    - sshd_main_config_file is not none
    - sshd_config_file | dirname == sshd_main_config_file ~ '.d'
  notify: reload_sshd