core/sshd: make sure AllowUsers and AllowGroups list is sorted

author: Christian Pointner <equinox@spreadspace.org> 2024-03-13 22:04:21 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2024-03-13 22:04:21 +0100
commit: f6a2150f9ec5fc0ea91453dfc1ce9732a210f663 (patch)
tree: 93e1a65ca6558498b57750b3cb77caa3968bcb91 /roles
parent: ch-apps: upgrade kubelet to 1.29.2 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/core/sshd/base/tasks/main.yml b/roles/core/sshd/base/tasks/main.yml
index 87cd9a29..78c094d4 100644
--- a/roles/core/sshd/base/tasks/main.yml
+++ b/roles/core/sshd/base/tasks/main.yml
@@ -48,7 +48,7 @@
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: "^AllowUsers\\s"
-    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host) | union(sshd_jump_users | default({}) | list)) }}"
+    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host) | union(sshd_jump_users | default({}) | list) | sort) }}"
     insertbefore: '^### ansible core/sshd/base config barrier ###'
   notify: restart ssh
 
@@ -72,7 +72,7 @@
     lineinfile:
       dest: /etc/ssh/sshd_config
       regexp: "^AllowGroups\\s"
-      line: "AllowGroups {{ ' '.join(sshd_allowgroups_group | union(sshd_allowgroups_host)) }}"
+      line: "AllowGroups {{ ' '.join(sshd_allowgroups_group | union(sshd_allowgroups_host) | sort) }}"
       insertbefore: '^### ansible core/sshd/base config barrier ###'
     notify: restart ssh
author	Christian Pointner <equinox@spreadspace.org>	2024-03-13 22:04:21 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2024-03-13 22:04:21 +0100
commit	f6a2150f9ec5fc0ea91453dfc1ce9732a210f663 (patch)
tree	93e1a65ca6558498b57750b3cb77caa3968bcb91 /roles
parent	ch-apps: upgrade kubelet to 1.29.2 (diff)