From 0243f0c83260bacbf41b60a19fe7a5b828f2141c Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 11 Apr 2021 20:22:33 +0200
Subject: add core role sshd/jump

---
 roles/core/sshd/base/tasks/main.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'roles/core/sshd/base')

diff --git a/roles/core/sshd/base/tasks/main.yml b/roles/core/sshd/base/tasks/main.yml
index d7524ef7..e5c9f6a7 100644
--- a/roles/core/sshd/base/tasks/main.yml
+++ b/roles/core/sshd/base/tasks/main.yml
@@ -1,11 +1,11 @@
 ---
 - name: load os/distrubtion/version specific variables
-  include_vars: "{{ item }}"
   with_first_found:
-    - files:
-        - "{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution }}.yml"
-        - "{{ ansible_os_family }}.yml"
+  - files:
+    - "{{ ansible_distribution_release }}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}.yml"
+  include_vars: "{{ item }}"
 
 - name: hardening ssh-server config
   vars:
@@ -31,7 +31,7 @@
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: "^AllowUsers\\s"
-    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host)) }}"
+    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host) | union(sshd_jump_users | default({}) | list)) }}"
     insertbefore: '^### ansible core/sshd/base config barrier ###'
   notify: restart ssh
 
-- 
cgit v1.2.3