authorChristian Pointner <equinox@spreadspace.org>2021-04-11 04:33:35 +0200
committerChristian Pointner <equinox@spreadspace.org>2021-04-11 04:33:35 +0200
commit0977596360b0a2c6a875114624d4afc8b9823718 (patch)
treed18204036e54b553311b108936ee802223d4efcc /roles/core/sshd
parentch-jump: finalize config (diff)
add new config file barrier for core/sshd
Diffstat (limited to 'roles/core/sshd')
-rw-r--r--roles/core/sshd/tasks/main.yml12
1 files changed, 10 insertions, 2 deletions
diff --git a/roles/core/sshd/tasks/main.yml b/roles/core/sshd/tasks/main.yml
index 88ecf64a..61bd334f 100644
--- a/roles/core/sshd/tasks/main.yml
+++ b/roles/core/sshd/tasks/main.yml
@@ -20,10 +20,10 @@
loop_control:
label: "{{ item.key }} = {{ item.value }}"
lineinfile:
+ dest: /etc/ssh/sshd_config
regexp: "^#?\\s*{{ item.key }}\\s"
line: "{{ item.key }} {{ item.value }}"
- dest: /etc/ssh/sshd_config
- mode: 0644
+ insertbefore: '^### ansible core/sshd config barrier ###'
notify: restart ssh
- name: limit allowed users
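Review bot: The `regexp` in this task still accepts leading whitespace (`^#?\\s*{{ item.key }}\\s`), so it can match an indented directive that another role has placed below the barrier, for example inside a `Match` block. lineinfile replaces the last line matching `regexp` and only honours `insertbefore` when `regexp` matches nothing, so in that case the option would be rewritten in place below the barrier and the global default left unset. If the commented defaults in the managed files have no space after `#`, tightening it to `regexp: "^#?{{ item.key }}\\s"` keeps the match to unindented lines. Otherwise a comment such as `# regexp wins over insertbefore; keep same-named keys out of the section below the barrier` would at least record the constraint. The task starts above this hunk, so its name and loop are not visible here.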
@@ -32,6 +32,7 @@
dest: /etc/ssh/sshd_config
regexp: "^AllowUsers\\s"
line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host)) }}"
+ insertbefore: '^### ansible core/sshd config barrier ###'
notify: restart ssh
- name: allow any user
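Review bot: On a host where the barrier line is not yet in /etc/ssh/sshd_config, this `insertbefore` has nothing to match, because the barrier task only runs later in the file (third hunk), and lineinfile then falls back to appending at the end of the file. If that file already ends in a `Match` block, the `AllowUsers` line would land inside it and apply only to that match instead of globally. A comment on the barrier task, e.g. `# must stay above every Match block; global options are inserted before this line`, would state the assumption. A check that fails when a `Match` line appears above the barrier would enforce it. The same fallback applies to the `insertbefore` added in the first hunk, and this task starts outside the hunk.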
@@ -42,6 +43,13 @@
state: absent
notify: restart ssh
+- name: install config barrier for other roles to use
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "### ansible core/sshd config barrier ###"
+ insertafter: EOF
+ notify: restart ssh
+
- name: install ssh keys for root
authorized_key:
user: root
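Review bot: None of the lineinfile tasks visible in this diff check the edited file before `restart ssh` is notified, so a malformed line can leave the host without a working sshd after the handler runs. The new barrier task and the two tasks that now insert before it could each carry `validate: '/usr/sbin/sshd -t -f %s'` (adjust the binary path per platform). The barrier itself is only a comment line, so its `notify: restart ssh` triggers a restart that changes nothing and could be dropped. The surrounding `allow any user` and `install ssh keys for root` tasks continue outside this hunk.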