mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-27 19:00:18 +01:00
71b3f87308
This is useful for opting out from system-wide cryto policy for SSH or configuring advanced use case (strong RNG seed). Fixes: #141
84 lines
2.2 KiB
YAML
84 lines
2.2 KiB
YAML
---
|
|
- name: OS is supported
|
|
meta: end_host
|
|
when:
|
|
- not __sshd_os_supported|bool
|
|
|
|
- name: Install ssh packages
|
|
package:
|
|
name: "{{ sshd_packages }}"
|
|
state: present
|
|
|
|
- name: Configuration
|
|
template:
|
|
src: sshd_config.j2
|
|
dest: "{{ sshd_config_file }}"
|
|
owner: "{{ sshd_config_owner }}"
|
|
group: "{{ sshd_config_group }}"
|
|
mode: "{{ sshd_config_mode }}"
|
|
validate: "{{ sshd_binary }} -t -f %s"
|
|
backup: "{{ sshd_backup }}"
|
|
notify: reload_sshd
|
|
|
|
- name: Sysconfig configuration
|
|
template:
|
|
src: sysconfig.j2
|
|
dest: "/etc/sysconfig/sshd"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "600"
|
|
backup: "{{ sshd_backup }}"
|
|
when:
|
|
- sshd_sysconfig|bool
|
|
notify: reload_sshd
|
|
|
|
- name: Install systemd service files
|
|
block:
|
|
- name: Install service unit file
|
|
template:
|
|
src: "{{ sshd_service_template_service }}"
|
|
dest: "/etc/systemd/system/{{ sshd_service }}.service"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify: reload_sshd
|
|
- name: Install instanced service unit file
|
|
template:
|
|
src: "{{ sshd_service_template_at_service }}"
|
|
dest: "/etc/systemd/system/{{ sshd_service }}@.service"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify: reload_sshd
|
|
- name: Install socket unit file
|
|
template:
|
|
src: "{{ sshd_service_template_socket }}"
|
|
dest: "/etc/systemd/system/{{ sshd_service }}.socket"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify: reload_sshd
|
|
when: sshd_install_service|bool
|
|
|
|
- name: Service enabled and running
|
|
service:
|
|
name: "{{ sshd_service }}"
|
|
enabled: true
|
|
state: started
|
|
when:
|
|
- sshd_manage_service|bool
|
|
- ansible_virtualization_type|default(None) != 'docker'
|
|
- ansible_connection != 'chroot'
|
|
|
|
# Due to ansible bug 21026, cannot use service module on RHEL 7
|
|
- name: Enable service in chroot
|
|
command: systemctl enable {{ sshd_service }} # noqa 303
|
|
when:
|
|
- ansible_connection == 'chroot'
|
|
- ansible_os_family == 'RedHat'
|
|
- ansible_distribution_major_version|int >= 7
|
|
|
|
- name: Register that this role has run
|
|
set_fact:
|
|
sshd_has_run: true
|
|
when: sshd_has_run is not defined
|