summaryrefslogtreecommitdiff
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/core/sshd/base/tasks/main.yml30
1 files changed, 15 insertions, 15 deletions
diff --git a/roles/core/sshd/base/tasks/main.yml b/roles/core/sshd/base/tasks/main.yml
index 15ae6032..9793d831 100644
--- a/roles/core/sshd/base/tasks/main.yml
+++ b/roles/core/sshd/base/tasks/main.yml
@@ -7,6 +7,21 @@
- "{{ ansible_os_family }}.yml"
include_vars: "{{ item }}"
+- name: install config barriers for other roles to use
+ loop:
+ - line: "### ansible core/sshd/base config barrier ###"
+ insertbefore: "### ansible core/sshd config barrier ###"
+ - line: "### ansible core/sshd config barrier ###"
+ insertafter: "### ansible core/sshd/base config barrier ###"
+ loop_control:
+ label: "{{ item.line }}"
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "{{ item.line }}"
+ insertbefore: "{{ item.insertbefore | default(omit) }}"
+ insertafter: "{{ item.insertafter | default(omit) }}"
+ notify: restart ssh
+
- name: hardening ssh-server config
vars:
sshd_options:
@@ -68,21 +83,6 @@
state: absent
notify: restart ssh
-- name: install config barriers for other roles to use
- loop:
- - line: "### ansible core/sshd/base config barrier ###"
- insertbefore: "### ansible core/sshd config barrier ###"
- - line: "### ansible core/sshd config barrier ###"
- insertafter: "### ansible core/sshd/base config barrier ###"
- loop_control:
- label: "{{ item.line }}"
- lineinfile:
- dest: /etc/ssh/sshd_config
- line: "{{ item.line }}"
- insertbefore: "{{ item.insertbefore | default(omit) }}"
- insertafter: "{{ item.insertafter | default(omit) }}"
- notify: restart ssh
-
- name: install ssh keys for root
authorized_key:
user: root