ansible-roles/evolinux-base/tasks/ssh.included-files.yml
Alexis Ben Miloud--Josselin 73c0a0d29a
evolinux-base: include files under sshd_config.d
In case we need to add the Include directive, we add it at the
beginning of the global configuration file. This way the Include
directive can't be inside a Match directive.
2023-08-31 17:09:43 +02:00


---
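# Print a warning when evolinux_ssh_password_auth_addresses is an empty list.
# Per the message, some sshd configuration elements are then left unset.
# NOTE(review): presumably this list holds the source addresses allowed to use
# password authentication - confirm against the sshd/defaults.j2 template.
- name: warn when evolinux_ssh_password_auth_addresses is empty
  ansible.builtin.debug:
    msg: "Warning: empty 'evolinux_ssh_password_auth_addresses' variable, some configuration elements won't be set!"
  when: evolinux_ssh_password_auth_addresses == []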
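# Make sshd read the drop-in files under /etc/ssh/sshd_config.d.
# The Include line is inserted at the very beginning of the main file so that
# it can never land inside a Match block, where it would apply conditionally.
# sshd keeps the first value it obtains for each keyword, so settings from the
# drop-ins included here win over the rest of sshd_config.
# NOTE(review): this task notifies "reload ssh" while the AllowUsers task in
# this file notifies "reload sshd" - confirm that both handlers exist.
- name: files under /etc/ssh/sshd_config.d are included
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    line: "Include /etc/ssh/sshd_config.d/*.conf"
    insertbefore: BOF
    # Refuse to install a main configuration that sshd cannot parse (for
    # example an sshd that does not know Include, or a broken drop-in); an
    # unparsable sshd_config can cut off remote access on the next restart.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload ssh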
# Render the Evolinux sshd defaults into a drop-in file.
# Files matched by an Include glob are processed in lexical order and sshd
# keeps the first value it obtains for a keyword, so the "z-" prefix
# presumably lets any other drop-in override these defaults - confirm intent.
# NOTE(review): no handler is notified and no validate command is set here, so
# a changed template is neither syntax-checked nor applied until sshd is
# reloaded for another reason - confirm this is intended.
- name: add SSH server configuration template
  ansible.builtin.template:
    dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
    src: sshd/defaults.j2
    mode: '0644'
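# Record the login name reported by logname on the target host; the result is
# used below as the AllowUsers value. logname prints a user name, not a group,
# so the task name says so.
# Read-only command: never reported as changed, and still executed in check
# mode so that later tasks can use the registered result.
- name: "Get current user's login name"
  ansible.builtin.command:
    cmd: logname
  register: logname
  changed_when: false
  check_mode: false
  when: evolinux_ssh_allow_current_user | bool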
# Detect whether an AllowUsers directive already exists; rc == 0 means a match.
# Caveats of this check:
#   - the search is recursive over /etc/ssh, so a match in any file there
#     counts, including files sshd never reads;
#   - the pattern is case-sensitive and anchored at column 0, while sshd
#     keywords are case-insensitive, so "allowusers" or an indented directive
#     is not detected;
#   - failed_when is disabled, so a grep error (rc 2) is treated exactly like
#     "no match" by the task that consumes this result.
# Read-only command: never reported as changed, and still run in check mode.
- name: verify AllowUsers directive
  ansible.builtin.command:
    cmd: "grep -ER '^AllowUsers' /etc/ssh"
  register: grep_allowusers_ssh
  changed_when: false
  failed_when: false
  check_mode: false
  when: evolinux_ssh_allow_current_user | bool
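# Add an AllowUsers directive for the current login name in a dedicated
# drop-in, only when the grep above found no AllowUsers line.
# Once AllowUsers is set, sshd only lets the listed users log in: after the
# reload every other account is refused over SSH.
# NOTE(review): this task notifies "reload sshd" while the Include task in
# this file notifies "reload ssh" - confirm that both handlers exist.
- name: "Add AllowUsers sshd directive for current user"
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config.d/allow_evolinux_user.conf
    line: "AllowUsers {{ logname.stdout }}"
    # lineinfile fails on a missing file unless create is set; nothing visible
    # in this file creates the drop-in beforehand.
    create: true
    mode: "0644"
    # The former "insertafter: 'Subsystem'" is dropped: the drop-in holds no
    # Subsystem line, so the line was appended at the end of the file anyway.
    # validate checks this fragment on its own, not the merged configuration.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
  # "| bool" matches the two tasks above: a string such as "false" would
  # otherwise be truthy and reach grep_allowusers_ssh.rc on a skipped result.
  when: (evolinux_ssh_allow_current_user | bool) and grep_allowusers_ssh.rc != 0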
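# Run the handlers notified above now instead of at the end of the play, so
# the SSH daemon reload happens before anything that follows this file.
- name: flush handlers
  ansible.builtin.meta: flush_handlers
# TODO check that "Include /etc/ssh/sshd_config.d/*.conf" is present
# TODO if both AllowUsers and AllowGroups are set, add the user to both
# TODO if AllowGroups is set, add the user's group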