forked from evolix/ansible-roles
evolinux-base: include files under sshd_config.d
In case we need to add the Include directive, we add it at the beginning of the global configuration file. This way the Include directive can't be inside a Match directive.
This commit is contained in:
parent
354c11fc25
commit
73c0a0d29a
|
@ -58,6 +58,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* postgresql: fix task "update apt cache" for PGDG repo
|
||||
* postgresql: fix file postgresql.pref.j2 for exclude package
|
||||
* lxc-php: Change lxc container in bookworm for php82
|
||||
* evolinux-base: include files under `sshd_config.d`
|
||||
|
||||
### Fixed
|
||||
|
||||
|
|
|
@ -101,6 +101,16 @@
|
|||
- evolinux_root_disable_ssh | bool
|
||||
- ansible_distribution_major_version is version('11', '<=')
|
||||
|
||||
- name: files under /etc/ssh/sshd_config.d are included (Debian >= 12)
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
line: "Include /etc/ssh/sshd_config.d/*.conf"
|
||||
insertbefore: BOF
|
||||
notify: reload ssh
|
||||
when:
|
||||
- evolinux_root_disable_ssh | bool
|
||||
- ansible_distribution_major_version is version('12', '>=')
|
||||
|
||||
- name: disable SSH access for root (Debian >= 12)
|
||||
ansible.builtin.replace:
|
||||
path: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
|
||||
|
|
|
@ -3,6 +3,13 @@
|
|||
msg: "Warning: empty 'evolinux_ssh_password_auth_addresses' variable, some configuration elements won't be set!"
|
||||
when: evolinux_ssh_password_auth_addresses == []
|
||||
|
||||
- name: files under /etc/ssh/sshd_config.d are included
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
line: "Include /etc/ssh/sshd_config.d/*.conf"
|
||||
insertbefore: BOF
|
||||
notify: reload ssh
|
||||
|
||||
- name: add SSH server configuration template
|
||||
ansible.builtin.template:
|
||||
src: sshd/defaults.j2
|
||||
|
|
Loading…
Reference in a new issue