mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-25 12:30:19 +01:00
68 lines
2.2 KiB
YAML
68 lines
2.2 KiB
YAML
---
|
|
- name: Ensure apt sources are up to date on debian systems
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
when:
|
|
- ansible_facts['distribution'] == 'Debian'
|
|
|
|
- name: Ensure unminimize package is installed
|
|
ansible.builtin.apt:
|
|
pkg:
|
|
- unminimize
|
|
when:
|
|
- ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 24
|
|
|
|
- name: Determine if system is ostree and set flag
|
|
when: not __sshd_is_ostree is defined
|
|
block:
|
|
- name: Check if system is ostree
|
|
ansible.builtin.stat:
|
|
path: /run/ostree-booted
|
|
register: __ostree_booted_stat
|
|
|
|
- name: Set flag to indicate system is ostree
|
|
ansible.builtin.set_fact:
|
|
__sshd_is_ostree: "{{ __ostree_booted_stat.stat.exists }}"
|
|
|
|
- name: Ensure test users exist on ostree systems
|
|
ansible.builtin.shell: |
|
|
if ! grep -q ^nobody /etc/passwd && grep -q ^nobody /usr/lib/passwd; then
|
|
grep ^nobody /usr/lib/passwd >> /etc/passwd
|
|
fi
|
|
if ! grep -q ^nobody /etc/group && grep -q ^nobody /usr/lib/group; then
|
|
grep ^nobody /usr/lib/group >> /etc/group
|
|
fi
|
|
when: __sshd_is_ostree | d(false)
|
|
changed_when: true
|
|
|
|
- name: Make sure openssh is installed before creating backup
|
|
ansible.builtin.package:
|
|
name: openssh-server
|
|
state: present
|
|
use: "{{ (__sshd_is_ostree | d(false)) |
|
|
ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
|
|
|
|
- name: Make sure openssh has runtime directory on debian
|
|
ansible.builtin.file:
|
|
path: /run/sshd
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "0755"
|
|
when:
|
|
- ansible_facts['os_family'] == 'Debian'
|
|
|
|
- name: Define common variables
|
|
ansible.builtin.set_fact:
|
|
main_sshd_config: /etc/ssh/sshd_config
|
|
main_sshd_config_name: sshd_config
|
|
main_sshd_config_path: /etc/ssh/
|
|
|
|
- name: Define specific variables
|
|
ansible.builtin.set_fact:
|
|
main_sshd_config: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
main_sshd_config_name: 00-ansible_system_role.conf
|
|
main_sshd_config_path: /etc/ssh/sshd_config.d/
|
|
when:
|
|
- (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] | int > 8) or
|
|
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_major_version'] | int >= 20)
|