Skip to content
Snippets Groups Projects
Select Git revision
  • f1774b4a3870bf8decd8ec675ebb57ec91fab4b7
  • master default protected
  • th/btop
  • th/ssh-config
  • th/rwth-afu
  • th/rhel
  • th/emacs-nox-gtk
7 results

main.yml

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    main.yml 4.38 KiB 
    ---

- name: ensure sshd is installed
  apt:
    name: openssh-server
    state: present
  tags:
    - ssh

- name: ensure sshd is configured (old-style)
  template:
    src: sshd_config_old_style.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  when: ansible_distribution_major_version|int(default=99) < 11
  notify:
    - restart sshd
  tags:
    - ssh

- name: ensure sshd is configured (main)
  template:
    src: sshd_config_main.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  when: ansible_distribution_major_version|int(default=99) > 10
  notify:
    - restart sshd
  tags:
    - ssh

- name: ensure sshd is configured (drop-ins)
  template:
    src: "sshd_config.d/{{ item }}.j2"
    dest: "/etc/ssh/sshd_config.d/{{ item }}"
    owner: root
    group: root
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  when: ansible_distribution_major_version|int(default=99) > 10
  with_items:
    - authentication.conf
    - banner.conf
    - ciphers.conf
    - forwarding.conf
    - groups.conf
  notify:
    - restart sshd
  tags:
    - ssh

- name: ensure ssh is configured (old-style)
  template:
    src: ssh_config.j2
    dest: /etc/ssh/ssh_config
    owner: root
    group: root
    mode: '0644'
    backup: true
  when: ansible_distribution_major_version|int(default=99) < 11
  tags: