From 2e1db1e216b941febc667d9301e910c37481ecf9 Mon Sep 17 00:00:00 2001
From: Lilian Roller
Date: Wed, 27 Mar 2019 15:16:55 +0100
Subject: [PATCH] Add ssh group variable
---
 defaults/main.yml | 6 ++++++
 tasks/main.yml | 4 +---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 4cb9287..e4ef4ee 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,5 +4,11 @@ sshd_default_allowed_users:
 - "root"
 - "ansible"
+# don't forget to add the ssh_access group!
+sshd_default_allowed_groups:
+ - "root"
+ - "admins"
+
+
 # Enable AllowUsers and AllowGroups options
 restrict_allow_users: True
diff --git a/tasks/main.yml b/tasks/main.yml
index 97b2fc1..e42380f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,12 +12,10 @@
 - ansible_distribution == 'Fedora'
 - ansible_distribution == 'Archlinux'
-
 - name: Collect all users and groups allowed to login via ssh
 set_fact:
 sshd_allow_users: '{{ sshd_default_allowed_users + users.keys() | default({}) | sort }}'
- sshd_allow_groups: '{{ ["root", "admins"] + users.keys() | default({}) | sort }}'
-
+ sshd_allow_groups: '{{ sshd_default_allowed_groups + users.keys() | default({}) | sort }}'
 - name: Copy sshd configuration
 become: yes
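Review bot: The comment above `sshd_default_allowed_groups` tells the reader to add an `ssh_access` group, but the default list holds only `root` and `admins`, and nothing says where that group is supposed to be added. This list feeds `sshd_allow_groups` in the tasks/main.yml hunk and, judging by the `restrict_allow_users` comment, sshd's AllowGroups, so an override that leaves a group out removes SSH access for its members; Ansible replaces a list variable on override rather than merging it. I would replace the comment with something like `# Groups always allowed to log in via SSH (AllowGroups). Overriding replaces the whole list, so repeat every group that must keep access.` If the template emits both AllowUsers and AllowGroups, an account has to satisfy both, which deserves a line in the role documentation.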
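Review bot: On the new `sshd_allow_groups` line the filters bind tighter than `+`, so `| default({}) | sort` applies only to `users.keys()`: the default groups are prepended unsorted, and `default({})` most likely cannot catch an undefined `users` because `.keys()` is evaluated before the filter. The unchanged `sshd_allow_users` line above has the same shape. I would write `sshd_allow_groups: '{{ (sshd_default_allowed_groups + ((users | default({})).keys() | list)) | sort }}'`. The expression also puts every user name into the allowed groups, which only grants access when each user has a group of the same name; a one-line comment stating that assumption would help whoever audits the resulting sshd_config.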