mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-12 14:40:19 +01:00
f32003f051
The usage of set_facts inside of roles is not recommended if it is used for internal variables used only inside of the role. It is recommended to use variables with smaller scope to avoid inter-dependencies between different invocations of the same role as demonstrated in the tests_alternative_file.yml later in the patch series ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
---
|
|
### USER OPTIONS
|
|
# Set to false to disable this role completely
|
|
sshd_enable: true
|
|
|
|
# Don't apply OS defaults when set to true
|
|
sshd_skip_defaults: false
|
|
|
|
# If the below is false, don't manage the service or reload the SSH
|
|
# daemon at all
|
|
sshd_manage_service: true
|
|
|
|
# If the below is true, also install service files from the templates pointed
|
|
# to by the `sshd_service_template_*` variables
|
|
sshd_install_service: false
|
|
sshd_service_template_service: sshd.service.j2
|
|
sshd_service_template_at_service: sshd@.service.j2
|
|
sshd_service_template_socket: sshd.socket.j2
|
|
|
|
# If the below is false, don't reload the ssh daemon on change
|
|
sshd_allow_reload: true
|
|
|
|
# If the below is true, create a backup of the config file when the template is copied
|
|
sshd_backup: true
|
|
|
|
# If the below is true, also install the sysconfig file with the below options
|
|
# (useful only on Fedora and RHEL)
|
|
sshd_sysconfig: false
|
|
|
|
# If the below is true the role will override also crypto policy configuration
|
|
sshd_sysconfig_override_crypto_policy: false
|
|
|
|
# If the below is set to non-zero value, the OpenSSL random generator is
|
|
# reseeded with the given amount of random bytes (from getrandom(2)
|
|
# with GRND_RANDOM or /dev/random). Minimum is 14 bytes when enabled.
|
|
# This is not recommended to enable if you do not have hadware random generator
|
|
sshd_sysconfig_use_strong_rng: 0
|
|
|
|
# Empty dicts to avoid errors
|
|
sshd: {}
|
|
|
|
### VARS DEFAULTS
|
|
### The following are defaults for OS specific configuration in var files in
|
|
### this role. They should not be set directly by role users.
|
|
sshd_packages: []
|
|
sshd_config_owner: root
|
|
sshd_config_group: root
|
|
sshd_config_mode: "0600"
|
|
sshd_binary: /usr/sbin/sshd
|
|
sshd_service: sshd
|
|
sshd_sftp_server: /usr/lib/openssh/sftp-server
|
|
|
|
### These variables are used by role internals and should not be used.
|
|
__sshd_defaults: {}
|
|
__sshd_os_supported: no
|
|
__sshd_sysconfig_supports_crypto_policy: false
|
|
__sshd_sysconfig_supports_use_strong_rng: false
|