From 4bce4e54c4e97d0fa4128dee67f57ba33ef6a2b0 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 7 Dec 2017 17:59:15 +0100
Subject: harmonized yaml syntax

---
 roles/sshserver/tasks/main.yaml | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'roles/sshserver/tasks/main.yaml')

diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml
index 52a36343..d2c5c9f0 100644
--- a/roles/sshserver/tasks/main.yaml
+++ b/roles/sshserver/tasks/main.yaml
@@ -1,6 +1,8 @@
 ---
 - name: install ssh-server
-  apt: name=openssh-server state=present
+  apt:
+    name: openssh-server
+    state: present
 
 - name: hardening ssh-server config
   lineinfile:
@@ -9,17 +11,17 @@
     dest: /etc/ssh/sshd_config
     mode: 0644
   with_items:
-    - { "regexp": "^#?\\s*IgnoreRhosts", "line": "IgnoreRhosts yes" }
-    - { "regexp": "^#?\\s*PermitRootLogin", "line": "PermitRootLogin without-password" }
-    - { "regexp": "^#?\\s*PubkeyAuthentication", "line": "PubkeyAuthentication yes" }
-    - { "regexp": "^#?\\s*HostbasedAuthentication", "line": "HostbasedAuthentication no"  }
-    - { "regexp": "^#?\\s*PermitEmptyPasswords", "line": "PermitEmptyPasswords no" }
-    - { "regexp": "^#?\\s*UseDNS", "line": "UseDNS no" }
+  - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" }
+  - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" }
+  - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+  - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no"  }
+  - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" }
+  - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" }
   notify: restart ssh
 
 - name: limit allowed users
   lineinfile:
-     dest: /etc/ssh/sshd_config
-     regexp: "^AllowUsers"
-     line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
+    dest: /etc/ssh/sshd_config
+    regexp: "^AllowUsers"
+    line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
   notify: restart ssh
-- 
cgit v1.2.3