authorChristian Pointner <equinox@spreadspace.org>2020-05-31 23:12:36 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-05-31 23:12:36 +0200
commit3a2319c9c58886a7938deabafc66ad4bc128c9f8 (patch)
tree222b41b5b49633b9156c070df830d5c73617edd7 /roles/sshd
parentchaos-at-home: deploy apt-repo/base to some more hosts (diff)
move core roles to subdir
Diffstat (limited to 'roles/sshd')
-rw-r--r--roles/sshd/defaults/main.yml2
-rw-r--r--roles/sshd/handlers/main.yml5
-rw-r--r--roles/sshd/tasks/main.yml55
-rw-r--r--roles/sshd/vars/Debian.yml3
-rw-r--r--roles/sshd/vars/OpenBSD.yml2
5 files changed, 0 insertions, 67 deletions
diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml
deleted file mode 100644
index 8b25827b..00000000
--- a/roles/sshd/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-ssh_allow_any_user: False
diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml
deleted file mode 100644
index ea76595a..00000000
--- a/roles/sshd/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart ssh
- service:
- name: "{{ sshd_service_name }}"
- state: restarted
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
deleted file mode 100644
index 5eb15081..00000000
--- a/roles/sshd/tasks/main.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-- name: load os/distrubtion/version specific variables
- include_vars: "{{ item }}"
- with_first_found:
- - files:
- - "{{ ansible_distribution_release }}.yml"
- - "{{ ansible_distribution }}.yml"
- - "{{ ansible_os_family }}.yml"
-
-- name: hardening ssh-server config
- vars:
- sshd_options:
- IgnoreRhosts: "yes"
- PermitRootLogin: "without-password"
- PubkeyAuthentication: "yes"
- HostbasedAuthentication: "no"
- PermitEmptyPasswords: "no"
- UseDNS: "no"
- loop: "{{ sshd_options | dict2items }}"
- loop_control:
- label: "{{ item.key }} = {{ item.value }}"
- lineinfile:
- regexp: "^#?\\s*{{ item.key }}\\s"
- line: "{{ item.key }} {{ item.value }}"
- dest: /etc/ssh/sshd_config
- mode: 0644
- notify: restart ssh
-
-- name: limit allowed users
- when: not ssh_allow_any_user
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers\\s"
- line: "AllowUsers {{ ' '.join([ 'root' ] | union(ssh_allowusers_group | default([])) | union(ssh_allowusers_host | default([]))) }}"
- notify: restart ssh
-
-- name: allow any user
- when: ssh_allow_any_user
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers\\s"
- state: absent
- notify: restart ssh
-
-- name: install ssh keys for root
- authorized_key:
- user: root
- key: "{{ ssh_keys_root | join('\n') }}"
- exclusive: yes
-
-- name: delete root password
- when: sshd_disabled_password is defined
- user:
- name: root
- password: "{{ sshd_disabled_password }}"
diff --git a/roles/sshd/vars/Debian.yml b/roles/sshd/vars/Debian.yml
deleted file mode 100644
index abbccabc..00000000
--- a/roles/sshd/vars/Debian.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-sshd_service_name: ssh
-sshd_disabled_password: '!'
diff --git a/roles/sshd/vars/OpenBSD.yml b/roles/sshd/vars/OpenBSD.yml
deleted file mode 100644
index abdaf180..00000000
--- a/roles/sshd/vars/OpenBSD.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-sshd_service_name: sshd