commit
3ea0eadf22
9 changed files with 75 additions and 23 deletions
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
|
@ -1,4 +1,4 @@
|
|||
# These are supported funding model platforms
|
||||
---
|
||||
|
||||
github: [do1jlr]
|
||||
liberapay: L3D
|
||||
|
|
22
.github/workflows/ansible-linting-check.yml
vendored
Normal file
22
.github/workflows/ansible-linting-check.yml
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
name: Ansible Lint check
|
||||
|
||||
# yamllint disable-line rule:truthy
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Lint Ansible Playbook
|
||||
uses: ansible/ansible-lint-action@master
|
||||
with:
|
||||
targets: "."
|
||||
# [required]
|
||||
# Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
|
||||
args: ""
|
||||
# [optional]
|
22
.github/workflows/yamllint.yaml
vendored
Normal file
22
.github/workflows/yamllint.yaml
vendored
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
name: 'Yamllint GitHub Actions'
|
||||
|
||||
# yamllint disable-line rule:truthy
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
yamllint:
|
||||
name: 'Yamllint'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout'
|
||||
uses: actions/checkout@master
|
||||
- name: 'Yamllint'
|
||||
uses: karancode/yamllint-github-action@master
|
||||
with:
|
||||
yamllint_file_or_dir: '.'
|
||||
yamllint_config_filepath: './.yamllint'
|
||||
yamllint_strict: false
|
||||
yamllint_comment: true
|
||||
# env:
|
||||
# GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }
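Review bot: `yamllint_comment: true` is set while the `env:` block that would supply the token is commented out, so the action presumably cannot post its findings as a pull-request comment. The commented expression `${{ secrets.GITHUB_TOKEN }` is also missing its closing brace and would not parse if uncommented as written. Either set `yamllint_comment: false`, or enable `GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and grant this job only `pull-requests: write`, keeping in mind that the token is then handed to an action referenced by branch name.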
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
.cache
|
8
.yamllint
Normal file
8
.yamllint
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
# 160 chars should be enough, but don't fail if a line is longer
|
||||
line-length:
|
||||
max: 160
|
||||
level: warning
|
|
@ -4,11 +4,14 @@
|
|||
|
||||
# set the ssh server port
|
||||
sshd__port: 22
|
||||
# ssh password authorisatuin (not recomended)
|
||||
|
||||
# ssh password authorisatuin (not recomended)
|
||||
sshd__password_authentication: false
|
||||
# should we disable not selected ssh key types?
|
||||
|
||||
# should we disable not selected ssh key types?
|
||||
sshd__manage_key_types: true
|
||||
# choose ssh server allowed key types
|
||||
|
||||
# choose ssh server allowed key types
|
||||
sshd__key_types:
|
||||
- 'ed25519'
|
||||
# - 'rsa'
|
||||
|
@ -56,17 +59,17 @@ sshd__macs:
|
|||
# - 'hmac-sha1'
|
||||
|
||||
# Enable AllowUsers and AllowGroups options
|
||||
sshd__restrict_users: True
|
||||
sshd__restrict_users: true
|
||||
sshd__allowed_users:
|
||||
- "root"
|
||||
- "ansible"
|
||||
sshd__restrict_groups: True
|
||||
sshd__restrict_groups: true
|
||||
sshd__allowed_groups:
|
||||
- "root"
|
||||
- "admins"
|
||||
sshd__xforwarding: True
|
||||
sshd__xforwarding: true
|
||||
|
||||
sshd__state: present # use latest for upgrading
|
||||
sshd__state: present # use latest for upgrading
|
||||
|
||||
# perform simple version check for this role? (true is recomended)
|
||||
submodules_versioncheck: false
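Review bot: The second hunk only normalises `sshd__xforwarding: True` to `true`, so the role keeps what is presumably X11 forwarding enabled by default, and `sshd__allowed_users` still lists `root`. For a role whose description promises a good sshd configuration, `sshd__xforwarding: false` is the safer default, leaving hosts that need forwarding to opt in. If root has to stay in the allow list, a comment above `sshd__allowed_users` should say why and point to where root login is restricted, which is not visible in this hunk. The added `submodules_versioncheck: false` also contradicts its own comment, which recommends true.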
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: systemctl restart ssh
|
||||
become: yes
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: "{{ sshd__service }}"
|
||||
state: restarted
|
||||
|
|
|
@ -1,25 +1,20 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: L3D
|
||||
role_name: sshd
|
||||
author: do1jlr
|
||||
description: Manage your SSH Server - and deploy a good sshd configuration
|
||||
license: "MIT"
|
||||
min_ansible_version: 2.3
|
||||
github_branch: master
|
||||
min_ansible_version: 2.8
|
||||
github_branch: main
|
||||
platforms:
|
||||
- name: Archlinux
|
||||
versions: all
|
||||
- name: Debian
|
||||
versions:
|
||||
- stretch
|
||||
- sid
|
||||
versions: all
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- bionic
|
||||
- cosmic
|
||||
versions: all
|
||||
- name: Fedora
|
||||
versions:
|
||||
- 28
|
||||
- 29
|
||||
versions: all
|
||||
galaxy_tags:
|
||||
- ssh
|
||||
- sshd
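Review bot: `min_ansible_version: 2.8` is an unquoted scalar and is loaded as a float, so a later value such as 2.10 would silently become 2.1. Current ansible-lint releases, which this commit wires into CI, also expect a string for this key. Write `min_ansible_version: '2.8'`.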
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
- name: Collect all users and groups allowed to login via ssh
|
||||
set_fact:
|
||||
sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
|
||||
sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
|
||||
sshd__allowed_groups: '{{ sshd__allowed_groups + users.keys() | default({}) | sort }}'
|
||||
|
||||
- name: "try to get {{ sshd__package }} version"
|
||||
|
@ -30,7 +30,8 @@
|
|||
sshd__version_is_above_eight: true
|
||||
when: ansible_facts.packages[sshd__package][0].version is version('8.0', '>=')
|
||||
rescue:
|
||||
- ansible.builtin.debug:
|
||||
- name: leave notice if version detection failed
|
||||
ansible.builtin.debug:
|
||||
msg: "Failed to detect ssh version. Set sshd__version_is_above_eight to true if you want to experience new config features from sshd version 8"
|
||||
|
||||
- name: manage ssh host keys
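Review bot: In the `Collect all users and groups allowed to login via ssh` task of the first hunk, Jinja filters bind tighter than `+`, so `| default({}) | sort` applies only to `users.keys()`. The combined list is therefore left unsorted, and `default` cannot help when `users` itself is undefined, because `.keys()` is evaluated first. Since these facts presumably feed AllowUsers and AllowGroups, the expression should be explicit, e.g. `'{{ (sshd__allowed_users + ((users | default({})).keys() | list)) | sort }}'`. `sshd__allowed_groups` is extended with `users.keys()` as well, which adds user names to the group list; confirm that is intended or add a comment explaining it. The task list starts and ends outside the hunk.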
|
||||
|
|