diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2021-04-11 18:15:17 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2021-04-11 18:15:17 +0200 |
| commit | d0b7421c2fe72299dc9b510d51821232cb95054a (patch) | |
| tree | 5cd324184ce694e9cadeab3c767038ad147b7a9a /roles/core | |
| parent | add new config file barrier for core/sshd (diff) | |
move core/sshd to core/sshd/base
Diffstat (limited to 'roles/core')
| -rw-r--r-- | roles/core/sshd/base/defaults/main.yml (renamed from roles/core/sshd/defaults/main.yml) | 0 | ||||
| -rw-r--r-- | roles/core/sshd/base/handlers/main.yml (renamed from roles/core/sshd/handlers/main.yml) | 0 | ||||
| -rw-r--r-- | roles/core/sshd/base/tasks/main.yml (renamed from roles/core/sshd/tasks/main.yml) | 18 | ||||
| -rw-r--r-- | roles/core/sshd/base/vars/Debian.yml (renamed from roles/core/sshd/vars/Debian.yml) | 0 | ||||
| -rw-r--r-- | roles/core/sshd/base/vars/OpenBSD.yml (renamed from roles/core/sshd/vars/OpenBSD.yml) | 0 |
5 files changed, 13 insertions, 5 deletions
diff --git a/roles/core/sshd/defaults/main.yml b/roles/core/sshd/base/defaults/main.yml index 50cc0f15..50cc0f15 100644 --- a/roles/core/sshd/defaults/main.yml +++ b/roles/core/sshd/base/defaults/main.yml diff --git a/roles/core/sshd/handlers/main.yml b/roles/core/sshd/base/handlers/main.yml index ea76595a..ea76595a 100644 --- a/roles/core/sshd/handlers/main.yml +++ b/roles/core/sshd/base/handlers/main.yml diff --git a/roles/core/sshd/tasks/main.yml b/roles/core/sshd/base/tasks/main.yml index 61bd334f..d7524ef7 100644 --- a/roles/core/sshd/tasks/main.yml +++ b/roles/core/sshd/base/tasks/main.yml @@ -23,7 +23,7 @@ dest: /etc/ssh/sshd_config regexp: "^#?\\s*{{ item.key }}\\s" line: "{{ item.key }} {{ item.value }}" - insertbefore: '^### ansible core/sshd config barrier ###' + insertbefore: '^### ansible core/sshd/base config barrier ###' notify: restart ssh - name: limit allowed users @@ -32,7 +32,7 @@ dest: /etc/ssh/sshd_config regexp: "^AllowUsers\\s" line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host)) }}" - insertbefore: '^### ansible core/sshd config barrier ###' + insertbefore: '^### ansible core/sshd/base config barrier ###' notify: restart ssh - name: allow any user @@ -43,11 +43,19 @@ state: absent notify: restart ssh -- name: install config barrier for other roles to use +- name: install config barriers for other roles to use + loop: + - line: "### ansible core/sshd/base config barrier ###" + insertbefore: "### ansible core/sshd config barrier ###" + - line: "### ansible core/sshd config barrier ###" + insertafter: "### ansible core/sshd/base config barrier ###" + loop_control: + label: "{{ item.line }}" lineinfile: dest: /etc/ssh/sshd_config - line: "### ansible core/sshd config barrier ###" - insertafter: EOF + line: "{{ item.line }}" + insertbefore: "{{ item.insertbefore | default(omit) }}" + insertafter: "{{ item.insertafter | default(omit) }}" notify: restart ssh - name: install ssh keys for root diff --git a/roles/core/sshd/vars/Debian.yml b/roles/core/sshd/base/vars/Debian.yml index abbccabc..abbccabc 100644 --- a/roles/core/sshd/vars/Debian.yml +++ b/roles/core/sshd/base/vars/Debian.yml diff --git a/roles/core/sshd/vars/OpenBSD.yml b/roles/core/sshd/base/vars/OpenBSD.yml index abdaf180..abdaf180 100644 --- a/roles/core/sshd/vars/OpenBSD.yml +++ b/roles/core/sshd/base/vars/OpenBSD.yml |