Kapisi/roles/SSH/tasks/main.yml

---
# Install the OpenSSH package on hosts whose OS family fact is Archlinux.
- name: SSH (ArchLinux)
  when: ansible_os_family == "Archlinux"
  become: true
  package:
    name:
      - openssh
    state: present
# Install the OpenSSH server and client packages. The task is labelled
# Raspbian, but the condition matches every host in the Debian OS family.
- name: SSH (Raspbian)
  when: ansible_os_family == "Debian"
  become: true
  package:
    name:
      - openssh-server
      - openssh-client
    state: present
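# Set the immutable attribute on the Ed25519 and RSA host key pairs so the
# files cannot be modified, replaced or deleted until the flag is cleared.
- name: Mark SSH keys as immutable
  become: true
  file:
    path: "{{ item }}"
    # '+i' adds the flag. A bare 'i' is read as '=i', which asks for the
    # attribute set to be exactly 'i' and so resets any other attribute
    # already present on the file.
    attributes: '+i'
  loop:
    - /etc/ssh/ssh_host_ed25519_key
    - /etc/ssh/ssh_host_ed25519_key.pub
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_rsa_key.pub
  # NOTE(review): no ECDSA host key is listed, and this task presumably fails
  # on a host where a listed key has not been generated yet - confirm.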
# Make sure the three groups used for SSH access control exist.
# NOTE(review): what each group grants is presumably defined in the deployed
# sshd_config (not visible here) - confirm against that file.
- name: Add SSH control groups
  become: true
  loop:
    - ssh-allow
    - ssh-forward
    - sftp-home-jail
  group:
    state: present
    name: "{{ item }}"
# Add the account reported by the ansible_user_id fact to ssh-allow.
- name: Add SSH user to ssh-allow
  become: true
  user:
    name: "{{ ansible_user_id }}"
    # append keeps the account's existing supplementary groups.
    append: true
    groups: ssh-allow
  # NOTE(review): ansible_user_id is the user facts were gathered as; if fact
  # gathering ran with become this would presumably be root - confirm.
# Authorize the deploy public key for the ansible_user_id account.
# The file lookup runs on the control node, so the key is read from
# $HOME/.ssh/deploy.pub of whoever runs the playbook. No become is set, so the
# task runs as the connecting user.
- name: Copy the SSH key
  authorized_key:
    state: present
    user: "{{ ansible_user_id }}"
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/deploy.pub') }}"
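# Deploy the system-wide SSH client configuration from the role's files.
- name: SSH Config
  become: true
  copy:
    src: ssh_config
    dest: /etc/ssh/ssh_config
    # Pin ownership and permissions. Without these, an existing file keeps
    # whatever owner and mode it already has, including a writable one.
    owner: root
    group: root
    mode: '0644'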
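# Deploy the system-wide known_hosts file from the role's files.
- name: Known hosts
  become: true
  copy:
    src: ssh_known_hosts
    dest: /etc/ssh/ssh_known_hosts
    # This file decides which host keys clients trust, so only root may write
    # it. Without these keys an existing file keeps its current owner and mode.
    owner: root
    group: root
    mode: '0644'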
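# Deploy the SSH daemon configuration. The result is registered as
# sshd_config so later tasks can restart the service only on a change.
- name: SSHD Config
  become: true
  register: sshd_config
  copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    # Pin ownership and permissions instead of inheriting them from an
    # existing file.
    owner: root
    group: root
    mode: '0644'
    # Test the new file before it replaces the live one, so a syntax error
    # cannot take the daemon down on the next restart and lock out access.
    # NOTE(review): assumes sshd is reachable at /usr/sbin/sshd on both
    # supported OS families - confirm.
    validate: /usr/sbin/sshd -t -f %s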
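# Create the root-owned directory /etc/ssh/includes.
# NOTE(review): presumably referenced by an Include directive in the deployed
# sshd_config (not visible here) - confirm.
- name: Allow SSHD Includes
  become: true
  file:
    path: /etc/ssh/includes
    state: directory
    # The file module's parameter is 'owner'. 'user' is not accepted and makes
    # the task fail with an unsupported-parameter error.
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0755'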
# Restart and enable the sshd unit on Arch Linux hosts, but only when the
# registered sshd_config result reports a change.
- name: Restart SSHD (ArchLinux)
  become: true
  # List entries are ANDed together.
  when:
    - ansible_os_family == "Archlinux"
    - sshd_config.changed
  service:
    name: sshd
    enabled: true
    state: restarted
  # NOTE(review): 'enabled' is applied only on runs where sshd_config changed;
  # on an unchanged run the service is not enabled by this task.
# Restart and enable the ssh unit on Debian-family hosts, but only when the
# registered sshd_config result reports a change.
- name: Restart SSHD (Raspbian)
  become: true
  # List entries are ANDed together.
  when:
    - ansible_os_family == "Debian"
    - sshd_config.changed
  service:
    name: ssh
    enabled: true
    state: restarted
  # NOTE(review): 'enabled' is applied only on runs where sshd_config changed;
  # on an unchanged run the service is not enabled by this task.