From c7006b00fb5664423daeee3b83aa347cf959701b Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 26 Dec 2019 21:50:16 +0100 Subject: zsh and sshd role support debian and openbsd now --- roles/sshd/handlers/main.yml | 2 +- roles/sshd/tasks/main.yml | 11 ++++++++++- roles/sshd/vars/Debian.yml | 3 +++ roles/sshd/vars/OpenBSD.yml | 2 ++ 4 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 roles/sshd/vars/Debian.yml create mode 100644 roles/sshd/vars/OpenBSD.yml (limited to 'roles/sshd') diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml index f43817f2..ea76595a 100644 --- a/roles/sshd/handlers/main.yml +++ b/roles/sshd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart ssh service: - name: sshd + name: "{{ sshd_service_name }}" state: restarted diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index f98ea536..d73d778b 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: load os/distrubtion/version specific variables + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution }}.yml" + - "{{ ansible_os_family }}.yml" + - name: hardening ssh-server config vars: sshd_options: @@ -32,6 +40,7 @@ exclusive: yes - name: delete root password + when: sshd_disabled_password is defined user: name: root - password: "!" + password: "{{ sshd_disabled_password }}" diff --git a/roles/sshd/vars/Debian.yml b/roles/sshd/vars/Debian.yml new file mode 100644 index 00000000..abbccabc --- /dev/null +++ b/roles/sshd/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +sshd_service_name: ssh +sshd_disabled_password: '!' diff --git a/roles/sshd/vars/OpenBSD.yml b/roles/sshd/vars/OpenBSD.yml new file mode 100644 index 00000000..abdaf180 --- /dev/null +++ b/roles/sshd/vars/OpenBSD.yml @@ -0,0 +1,2 @@ +--- +sshd_service_name: sshd -- cgit v1.2.3