From 0977596360b0a2c6a875114624d4afc8b9823718 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 11 Apr 2021 04:33:35 +0200
Subject: add new config file barrier for core/sshd
---
 roles/core/sshd/tasks/main.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'roles/core/sshd')
diff --git a/roles/core/sshd/tasks/main.yml b/roles/core/sshd/tasks/main.yml
index 88ecf64a..61bd334f 100644
--- a/roles/core/sshd/tasks/main.yml
+++ b/roles/core/sshd/tasks/main.yml
@@ -20,10 +20,10 @@
 loop_control:
 label: "{{ item.key }} = {{ item.value }}"
 lineinfile:
+ dest: /etc/ssh/sshd_config
 regexp: "^#?\\s*{{ item.key }}\\s"
 line: "{{ item.key }} {{ item.value }}"
- dest: /etc/ssh/sshd_config
- mode: 0644
+ insertbefore: '^### ansible core/sshd config barrier ###'
 notify: restart ssh
 - name: limit allowed users
@@ -32,6 +32,7 @@
 dest: /etc/ssh/sshd_config
 regexp: "^AllowUsers\\s"
 line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host)) }}"
+ insertbefore: '^### ansible core/sshd config barrier ###'
 notify: restart ssh
 - name: allow any user
@@ -42,6 +43,13 @@
 state: absent
 notify: restart ssh
+- name: install config barrier for other roles to use
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "### ansible core/sshd config barrier ###"
+ insertafter: EOF
+ notify: restart ssh
+
 - name: install ssh keys for root
 authorized_key:
 user: root
-- cgit v1.2.3
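Review bot: In the first hunk the new `insertbefore` only takes effect when `regexp` finds no match, and lineinfile otherwise rewrites the last matching line wherever it sits in the file. Because `^#?\\s*{{ item.key }}\\s` also matches indented lines, a keyword that another role places below the barrier (for example inside a `Match` block) would be rewritten there instead of the global setting being added above the barrier; whether any role does that is not visible here. None of the three lineinfile tasks touched by this commit (this one, the AllowUsers task and the new barrier task) checks the result before `restart ssh` fires, so I would add `validate: '/usr/sbin/sshd -t -f %s'` (path adjusted per distribution) to each. Dropping `mode: 0644` also means the file mode is no longer asserted; if that is intended a short comment would help, otherwise restore it quoted as `mode: '0644'`. The task itself starts above the hunk.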
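Review bot: The barrier task in the last hunk appends at `EOF`, so on a host whose sshd_config already carries content appended by other roles the barrier lands below that content, and the core tasks' `insertbefore` then places new global keywords below it as well. sshd applies keywords that follow a `Match` line only to that block, so a newly inserted `AllowUsers` or other setting could silently become conditional; whether such blocks exist on managed hosts cannot be seen from this diff. Consider a comment on the task such as `# barrier must stay above any Match block; core/sshd inserts global keywords before it`, or a check that fails the play when a `Match` line precedes the barrier. On a first run the barrier does not exist yet when the earlier tasks execute, so they fall back to appending at end of file, which gives the intended order only because this task runs after them.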