From f6a2150f9ec5fc0ea91453dfc1ce9732a210f663 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 13 Mar 2024 22:04:21 +0100
Subject: core/sshd: make sure AllowUsers and AllowGroups list is sorted

---
 roles/core/sshd/base/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles/core/sshd')

diff --git a/roles/core/sshd/base/tasks/main.yml b/roles/core/sshd/base/tasks/main.yml
index 87cd9a29..78c094d4 100644
--- a/roles/core/sshd/base/tasks/main.yml
+++ b/roles/core/sshd/base/tasks/main.yml
@@ -48,7 +48,7 @@
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: "^AllowUsers\\s"
-    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host) | union(sshd_jump_users | default({}) | list)) }}"
+    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshd_allowusers_group) | union(sshd_allowusers_host) | union(sshd_jump_users | default({}) | list) | sort) }}"
     insertbefore: '^### ansible core/sshd/base config barrier ###'
   notify: restart ssh
 
@@ -72,7 +72,7 @@
     lineinfile:
       dest: /etc/ssh/sshd_config
       regexp: "^AllowGroups\\s"
-      line: "AllowGroups {{ ' '.join(sshd_allowgroups_group | union(sshd_allowgroups_host)) }}"
+      line: "AllowGroups {{ ' '.join(sshd_allowgroups_group | union(sshd_allowgroups_host) | sort) }}"
       insertbefore: '^### ansible core/sshd/base config barrier ###'
     notify: restart ssh
 
-- 
cgit v1.2.3