Fix mode for files under /etc/ssh/sshd_config.d

CHANGELOG.md

@@ -64,6 +64,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * nginx: set default server directive in default vhost
 * opendkim: update apt cache before install
 * redis: replace errorneous ini_file module for Munin config, fix dedicted Munin config filename (z-XXX).
+* evolinux-base, evolinux-users: Fix files mode under /etc/ssh/sshd_config.d
+* evolinux-base: Fix file extension
 
 ### Removed
 

evolinux-base/tasks/root.yml

@@ -106,6 +106,7 @@
     path: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
     line: "PermitRootLogin no"
     create: yes
+    mode: "0644"
     validate: '/usr/sbin/sshd -t -f %s'
   notify: reload sshd
   when:

evolinux-base/tasks/ssh.included-files.yml

@@ -7,6 +7,7 @@
   ansible.builtin.template:
     src: sshd/defaults.j2
     dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
+    mode: "0644"
 
 - name: "Get current user's group"
   ansible.builtin.command:
@@ -27,7 +28,7 @@
 
 - name: "Add AllowUsers sshd directive for current user"
   ansible.builtin.lineinfile:
-    dest: /etc/ssh/sshd_config.d/allow_evolinux_user
+    dest: /etc/ssh/sshd_config.d/allow_evolinux_user.conf
     line: "AllowUsers {{ logname.stdout }}"
     insertafter: 'Subsystem'
     validate: '/usr/sbin/sshd -t -f %s'

evolinux-users/tasks/ssh.yml

@@ -86,6 +86,7 @@
     path: /etc/ssh/sshd_config.d/z-evolinux-users.conf
     line: "PermitRootLogin no"
     create: yes
+    mode: "0644"
     validate: '/usr/sbin/sshd -t -f %s'
     insertbefore: "BOF"
   notify: reload sshd

evolinux-users/tasks/ssh_allowgroups.yml

@@ -39,6 +39,7 @@
     path: /etc/ssh/sshd_config.d/z-evolinux-users.conf
     line: "AllowGroups {{ evolinux_ssh_group }}"
     create: yes
+    mode: "0644"
     validate: '/usr/sbin/sshd -t -f %s'
   when:
     - ansible_distribution_major_version is version('12', '>=')