Merge pull request #7 from roles-ansible/r

improve docs, sshd and pubkeys
2024-08-16 10:29:50 +02:00 · 2024-04-09 18:30:13 +02:00 · 2024-04-09 18:30:13 +02:00 · 7a8f000d4c
commit 7a8f000d4c
parent 1a44a2dbed 1c4c90c51f
7 changed files with 15 additions and 8 deletions
--- a/roles/dotfiles/README.md
+++ b/roles/dotfiles/README.md
@ -69,7 +69,7 @@ There is a third directory-variable called ``l3d_users__ssh_login: []`` which on
      - name: 'charlie'
        state: 'present'

-    l3d_users__limit_login: true
-    l3d_users__create_ansible: true
-    submodules_versioncheck: true
+    l3d_users__bashrc: true
+    l3d_users__vimrc: true
+    l3d_users__tmuxcfg: true
 ```
--- a/roles/sshd/tasks/sshd_config.yml
+++ b/roles/sshd/tasks/sshd_config.yml
@ -9,11 +9,17 @@
  ansible.builtin.set_fact:
    _sshd_version: "{{ _sshd_version_cmd.stderr.split('_')[1].split(',')[0].split('p')[0] }}"

- name: Show detected ssh version
+- name: Show detected ssh version (optional)
  ansible.builtin.debug:
    msg: "SSH Version: {{ _sshd_version }}"
    verbosity: 1

+- name: Show detected ssh version is > 8.0 (optional)
+  ansible.builtin.debug:
+    msg: "SSH Version: {{ _sshd_version }} is > 8.0"
+    verbosity: 1
+  when: _sshd_version | default(7.0) | float > 8.0
+
 - name: Create SSHD configuration
  become: true
  ansible.builtin.template:
--- a/roles/sshd/templates/sshd_config.j2
+++ b/roles/sshd/templates/sshd_config.j2
@ -4,7 +4,7 @@
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.

-{% if _sshd_version | default(7.0) | float > 8.0 | bool %}
+{% if _sshd_version | default(7.0) | float > 8.0 %}
 # Include SSHD config snippets
 # Support fot this starts with sshd 8.0
 Include /etc/ssh/sshd_config.d/*.conf
--- a/roles/sshd/vars/main.yml
+++ b/roles/sshd/vars/main.yml
@ -1,5 +1,5 @@
 ---
-playbook_version_number: 5
+playbook_version_number: 6
 playbook_version_path: 'l3d.users.sshd.version'

 l3d_users_sshd__service_var_path:
--- a/roles/user/tasks/pubkeys.yml
+++ b/roles/user/tasks/pubkeys.yml
@ -5,7 +5,7 @@
    user: "{{ user.name }}"
    state: 'present'
    key: "{{ user.pubkeys | default() }}"
-    exclusive: true
+    exclusive: "{{ user.exklusive_pubkeys | default(true) }}"
  loop: "{{ _l3d_users__merged_users }}"
  loop_control:
    label: "user={{ user.name }}"
--- a/roles/user/tasks/user_ansible.yml
+++ b/roles/user/tasks/user_ansible.yml
@ -31,6 +31,7 @@
    user: 'ansible'
    state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
    key: "{{ user.pubkeys | default() }}"
+    exclusive: false
  loop: "{{ _l3d_users__merged_users }}"
  when: user.admin | default(false) | bool and user.admin_ansible_login | default(true) | bool
  loop_control:
--- a/roles/user/vars/main.yml
+++ b/roles/user/vars/main.yml
@ -1,3 +1,3 @@
 ---
-playbook_version_number: 11
+playbook_version_number: 12
 playbook_version_path: 'l3d.users.user.version'