From 30afd60db59e68915ae4b48a8e00ee289e451ec6 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 22 Apr 2021 23:35:28 +0200
Subject: minor sshd role refactoring

---
 roles/core/sshd/base/tasks/main.yml | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

(limited to 'roles/core')

diff --git a/roles/core/sshd/base/tasks/main.yml b/roles/core/sshd/base/tasks/main.yml
index 15ae6032..9793d831 100644
--- a/roles/core/sshd/base/tasks/main.yml
+++ b/roles/core/sshd/base/tasks/main.yml
@@ -7,6 +7,21 @@
     - "{{ ansible_os_family }}.yml"
   include_vars: "{{ item }}"
 
+- name: install config barriers for other roles to use
+  loop:
+  - line: "### ansible core/sshd/base config barrier ###"
+    insertbefore: "### ansible core/sshd config barrier ###"
+  - line: "### ansible core/sshd config barrier ###"
+    insertafter: "### ansible core/sshd/base config barrier ###"
+  loop_control:
+    label: "{{ item.line }}"
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: "{{ item.line }}"
+    insertbefore: "{{ item.insertbefore | default(omit) }}"
+    insertafter: "{{ item.insertafter | default(omit) }}"
+  notify: restart ssh
+
 - name: hardening ssh-server config
   vars:
     sshd_options:
@@ -68,21 +83,6 @@
     state: absent
   notify: restart ssh
 
-- name: install config barriers for other roles to use
-  loop:
-  - line: "### ansible core/sshd/base config barrier ###"
-    insertbefore: "### ansible core/sshd config barrier ###"
-  - line: "### ansible core/sshd config barrier ###"
-    insertafter: "### ansible core/sshd/base config barrier ###"
-  loop_control:
-    label: "{{ item.line }}"
-  lineinfile:
-    dest: /etc/ssh/sshd_config
-    line: "{{ item.line }}"
-    insertbefore: "{{ item.insertbefore | default(omit) }}"
-    insertafter: "{{ item.insertafter | default(omit) }}"
-  notify: restart ssh
-
 - name: install ssh keys for root
   authorized_key:
     user: root
-- 
cgit v1.2.3