Diffstat (limited to 'roles/sshd')
-rw-r--r-- | roles/sshd/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/sshd/tasks/main.yml | 14 | ||||
-rw-r--r-- | roles/sshd/vars/Debian.yml | 3 | ||||
-rw-r--r-- | roles/sshd/vars/OpenBSD.yml | 2 |
4 files changed, 15 insertions, 6 deletions
diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml
index 822887e3..ea76595a 100644
--- a/roles/sshd/handlers/main.yml
+++ b/roles/sshd/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
 - name: restart ssh
 service:
- name: ssh
+ name: "{{ sshd_service_name }}"
 state: restarted
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 2977d20b..d73d778b 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -1,8 +1,11 @@
 ---
-- name: install ssh-server
- apt:
- name: openssh-server
- state: present
+- name: load os/distrubtion/version specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
 - name: hardening ssh-server config
 vars:
@@ -37,6 +40,7 @@
 exclusive: yes
 - name: delete root password
+ when: sshd_disabled_password is defined
 user:
 name: root
- password: "!"
+ password: "{{ sshd_disabled_password }}"
diff --git a/roles/sshd/vars/Debian.yml b/roles/sshd/vars/Debian.yml
new file mode 100644
index 00000000..abbccabc
--- /dev/null
+++ b/roles/sshd/vars/Debian.yml
@@ -0,0 +1,3 @@
+---
+sshd_service_name: ssh
+sshd_disabled_password: '!'
diff --git a/roles/sshd/vars/OpenBSD.yml b/roles/sshd/vars/OpenBSD.yml
new file mode 100644
index 00000000..abdaf180
--- /dev/null
+++ b/roles/sshd/vars/OpenBSD.yml
@@ -0,0 +1,2 @@
+---
+sshd_service_name: sshd |
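Review bot: In roles/sshd/tasks/main.yml (hunk `@@ -1,8 +1,11 @@`), `with_first_found` hands `include_vars` only the first file that exists, so a release-specific vars file added later would replace `Debian.yml` rather than layer on top of it. Any such file that omits `sshd_disabled_password` would then switch off the root-password task further down without an error. A comment above the task would record the contract, for example `# only the first matching file is loaded; each vars file must define every sshd_* variable`. The task name also has a typo, `distrubtion` for `distribution`.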
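Review bot: The new `when: sshd_disabled_password is defined` on the `delete root password` task in roles/sshd/tasks/main.yml (hunk `@@ -37,6 +40,7 @@`) makes that hardening step skip silently wherever the variable is missing, and `roles/sshd/vars/OpenBSD.yml` in this same commit defines only `sshd_service_name`. On OpenBSD hosts the role would therefore finish successfully while root keeps whatever password it already had. Either define the platform's locked-password marker in `OpenBSD.yml` (the value needs confirming against that platform's password database format) or state the gap next to the condition, for example `# skipped where sshd_disabled_password is unset; root's password is left unchanged on those platforms`. Because the field is now filled from a variable, a definition with higher precedence elsewhere in the inventory or on the command line would presumably be written to root's password entry as-is, which is worth a comment too.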