mirror of
https://github.com/roles-ansible/ansible_role_sshd.git
synced 2024-08-16 11:59:49 +02:00
commit
3ea0eadf22
9 changed files with 75 additions and 23 deletions
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
|
@ -1,4 +1,4 @@
|
||||||
# These are supported funding model platforms
|
---
|
||||||
|
|
||||||
github: [do1jlr]
|
github: [do1jlr]
|
||||||
liberapay: L3D
|
liberapay: L3D
|
||||||
|
|
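--- /dev/null
+++ b/.github/workflows/ansible-linting-check.yml
@@ -0,0 +1,22 @@
+---
+name: Ansible Lint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+build:
+
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v2
+
+- name: Lint Ansible Playbook
+uses: ansible/ansible-lint-action@master
+with:
+targets: "."
+# [required]
+# Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
+args: ""
+# [optional]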
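Review bot: `uses: ansible/ansible-lint-action@master` tracks a mutable branch of a third-party action, so whatever is pushed to that branch next runs in this repository's CI with the job's token; `actions/checkout@v2` is a movable tag as well. Pin both to a full commit SHA, e.g. `uses: ansible/ansible-lint-action@<full-commit-sha>  # <release tag>`, and let a dependency bot propose the bumps. The workflow also declares no `permissions:` key, so the job runs with the repository's default GITHUB_TOKEN scope, while a lint job that runs on `pull_request` needs no more than `contents: read`. The same pinning point applies to `actions/checkout@master` and `karancode/yamllint-github-action@master` in .github/workflows/yamllint.yaml.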
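--- /dev/null
+++ b/.github/workflows/yamllint.yaml
@@ -0,0 +1,22 @@
+---
+name: 'Yamllint GitHub Actions'
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+yamllint:
+name: 'Yamllint'
+runs-on: ubuntu-latest
+steps:
+- name: 'Checkout'
+uses: actions/checkout@master
+- name: 'Yamllint'
+uses: karancode/yamllint-github-action@master
+with:
+yamllint_file_or_dir: '.'
+yamllint_config_filepath: './.yamllint'
+yamllint_strict: false
+yamllint_comment: true
+# env:
+# GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }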
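Review bot: `yamllint_comment: true` asks the action to post its findings on the pull request, but the `env:` block that would give it a token is commented out, so the comment feature presumably cannot work as committed. The commented expression `${{ secrets.GITHUB_TOKEN }` is also missing its closing brace and would not be a valid expression if simply uncommented. Either set `yamllint_comment: false`, or restore the block as `GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}` only once the action is pinned to a commit, because the token is then handed to third-party code. `yamllint_strict: false` presumably lets warnings pass the check; a one-line comment such as `# warnings are reported but do not fail the job` would record that this is intended.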
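--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.cache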
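--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+# 160 chars should be enough, but don't fail if a line is longer
+line-length:
+max: 160
+level: warning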
|
@ -4,11 +4,14 @@
|
||||||
|
|
||||||
# set the ssh server port
|
# set the ssh server port
|
||||||
sshd__port: 22
|
sshd__port: 22
|
||||||
# ssh password authorisatuin (not recomended)
|
|
||||||
|
# ssh password authorisatuin (not recomended)
|
||||||
sshd__password_authentication: false
|
sshd__password_authentication: false
|
||||||
# should we disable not selected ssh key types?
|
|
||||||
|
# should we disable not selected ssh key types?
|
||||||
sshd__manage_key_types: true
|
sshd__manage_key_types: true
|
||||||
# choose ssh server allowed key types
|
|
||||||
|
# choose ssh server allowed key types
|
||||||
sshd__key_types:
|
sshd__key_types:
|
||||||
- 'ed25519'
|
- 'ed25519'
|
||||||
# - 'rsa'
|
# - 'rsa'
|
||||||
|
@ -56,17 +59,17 @@ sshd__macs:
|
||||||
# - 'hmac-sha1'
|
# - 'hmac-sha1'
|
||||||
|
|
||||||
# Enable AllowUsers and AllowGroups options
|
# Enable AllowUsers and AllowGroups options
|
||||||
sshd__restrict_users: True
|
sshd__restrict_users: true
|
||||||
sshd__allowed_users:
|
sshd__allowed_users:
|
||||||
- "root"
|
- "root"
|
||||||
- "ansible"
|
- "ansible"
|
||||||
sshd__restrict_groups: True
|
sshd__restrict_groups: true
|
||||||
sshd__allowed_groups:
|
sshd__allowed_groups:
|
||||||
- "root"
|
- "root"
|
||||||
- "admins"
|
- "admins"
|
||||||
sshd__xforwarding: True
|
sshd__xforwarding: true
|
||||||
|
|
||||||
sshd__state: present # use latest for upgrading
|
sshd__state: present # use latest for upgrading
|
||||||
|
|
||||||
# perform simple version check for this role? (true is recomended)
|
# perform simple version check for this role? (true is recomended)
|
||||||
submodules_versioncheck: false
|
submodules_versioncheck: false
|
||||||
|
|
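Review bot: `sshd__xforwarding: true` is normalised here but stays the shipped default, next to `- "root"` in `sshd__allowed_users`, so a host that applies the role without overrides gets X11 forwarding enabled and root named in AllowUsers. Hardening baselines for sshd usually keep X11 forwarding off unless a host needs it; consider `sshd__xforwarding: false` with a comment such as `# enable per host only where X11 forwarding is required`. The file header of this section is not visible on the page (the variables suggest the role defaults), and both hunks show only part of the file. The comment lines touched in the first hunk also carry typos (`authorisatuin`, `recomended`) that could be fixed while they are being moved.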
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: systemctl restart ssh
|
- name: systemctl restart ssh
|
||||||
become: yes
|
become: true
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: "{{ sshd__service }}"
|
name: "{{ sshd__service }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,25 +1,20 @@
|
||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: L3D
|
role_name: sshd
|
||||||
|
author: do1jlr
|
||||||
description: Manage your SSH Server - and deploy a good sshd configuration
|
description: Manage your SSH Server - and deploy a good sshd configuration
|
||||||
license: "MIT"
|
license: "MIT"
|
||||||
min_ansible_version: 2.3
|
min_ansible_version: 2.8
|
||||||
github_branch: master
|
github_branch: main
|
||||||
platforms:
|
platforms:
|
||||||
- name: Archlinux
|
- name: Archlinux
|
||||||
versions: all
|
versions: all
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions: all
|
||||||
- stretch
|
|
||||||
- sid
|
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions: all
|
||||||
- bionic
|
|
||||||
- cosmic
|
|
||||||
- name: Fedora
|
- name: Fedora
|
||||||
versions:
|
versions: all
|
||||||
- 28
|
|
||||||
- 29
|
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- ssh
|
- ssh
|
||||||
- sshd
|
- sshd
|
||||||
|
|
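Review bot: `min_ansible_version: 2.8` is an unquoted scalar, so a YAML loader reads it as a float rather than a version string, and a later bump to 2.10 would be read as 2.1. Quote it as `min_ansible_version: "2.8"`. Replacing the per-distribution release lists with `versions: all` also removes the record of which releases the role was exercised on; if that list is not kept elsewhere, a comment naming the tested releases would preserve it.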
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
- name: Collect all users and groups allowed to login via ssh
|
- name: Collect all users and groups allowed to login via ssh
|
||||||
set_fact:
|
set_fact:
|
||||||
sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
|
sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
|
||||||
sshd__allowed_groups: '{{ sshd__allowed_groups + users.keys() | default({}) | sort }}'
|
sshd__allowed_groups: '{{ sshd__allowed_groups + users.keys() | default({}) | sort }}'
|
||||||
|
|
||||||
- name: "try to get {{ sshd__package }} version"
|
- name: "try to get {{ sshd__package }} version"
|
||||||
|
@ -30,7 +30,8 @@
|
||||||
sshd__version_is_above_eight: true
|
sshd__version_is_above_eight: true
|
||||||
when: ansible_facts.packages[sshd__package][0].version is version('8.0', '>=')
|
when: ansible_facts.packages[sshd__package][0].version is version('8.0', '>=')
|
||||||
rescue:
|
rescue:
|
||||||
- ansible.builtin.debug:
|
- name: leave notice if version detection failed
|
||||||
|
ansible.builtin.debug:
|
||||||
msg: "Failed to detect ssh version. Set sshd__version_is_above_eight to true if you want to experience new config features from sshd version 8"
|
msg: "Failed to detect ssh version. Set sshd__version_is_above_eight to true if you want to experience new config features from sshd version 8"
|
||||||
|
|
||||||
- name: manage ssh host keys
|
- name: manage ssh host keys
|
||||||
|
|
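Review bot: In the `set_fact` task of the first hunk, `sshd__allowed_groups` is extended with `users.keys()`, the same expression used for `sshd__allowed_users`, so every user name is also written into the allowed-groups list. If that relies on each user having a primary group of the same name it deserves a comment, such as `# each user is expected to have a primary group of the same name`; otherwise it widens AllowGroups beyond what the defaults declare. The `default({})` filter is applied to the result of `users.keys()`, so it presumably does not protect against `users` being undefined, whereas `(users | default({})).keys() | sort` would. In the second hunk the `rescue:` branch only prints a debug message, and the surrounding block starts outside the hunk, so whether a failed version detection leaves `sshd__version_is_above_eight` at a safe value cannot be confirmed from here.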