accounts: use a variable for sshd PermitRootLogin

2022-09-02 17:16:30 +02:00 · 2022-09-02 17:16:30 +02:00 · 3d941a99a3
parent aed61c3df6
commit 3d941a99a3
2 changed files with 4 additions and 2 deletions
--- a/roles/accounts/defaults/main.yml
+++ b/roles/accounts/defaults/main.yml
@ -0,0 +1,2 @@
+---
+evobsd_root_login: "no"
--- a/roles/accounts/tasks/main.yml
+++ b/roles/accounts/tasks/main.yml
@ -107,8 +107,8 @@
 - name: "Disable root login"
  replace:
    dest: /etc/ssh/sshd_config
-    regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
-    replace: "PermitRootLogin no"
+    regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
+    replace: "PermitRootLogin {{ evobsd_root_login }}"
  notify: reload sshd
  tags:
    - accounts