diff --git a/defaults/main.yml b/defaults/main.yml index 9a0c3cb..1ba1583 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,11 +12,10 @@ sshd_default_allowed_groups: - "root" - "admins" - # Enable AllowUsers and AllowGroups options restrict_allow_users: True -# Require ed25519 key +# Forcing only ed25519 SSH keys only_allow_ed25519: true # Allow login with password? @@ -27,3 +26,6 @@ generate_ecdsa_too: false use_diffie_hellman_group_exchange_sha256: false use_aes256_ctr: false use_hmac_sha2_512: false + +# version check for this playbook +submodules_versioncheck: true diff --git a/tasks/main.yml b/tasks/main.yml index 7123547..0252f4e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,37 @@ --- +- name: Create directory for versionscheck + become: true + file: + path: '/etc/ansible-version' + state: directory + mode: 0755 + when: submodules_versioncheck + +- name: check playbook version + become: true + slurp: + src: "{{ playbook_version_path }}" + register: playbook_version + when: submodules_versioncheck + ignore_errors: yes + +- name: Print version + debug: + msg: "Remote playbook version: '{{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}'. Local playbook version: '{{ playbook_version_number|string }}'." + when: submodules_versioncheck + +- name: Check if your version is outdated + fail: + msg: "Your current ansible module has the version '{{ playbook_version_number }}' and is outdated. Please update it at least to version '{{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode }}'!" + when: + - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck + +- name: write new version to remote disk + become: true + copy: + content: "{{ playbook_version_number }}" + dest: "{{ playbook_version_path }}" + when: submodules_versioncheck - name: register os-specific variables include_vars: default.yml 
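Review bot: The comment added above `submodules_versioncheck` in defaults/main.yml does not say what the switch controls or what turning it off costs. Going by the tasks added to tasks/main.yml in this same commit, it gates the marker directory, the comparison with the remote marker and the `fail` on an outdated local copy, so `false` disables the guard this commit adds against applying an older revision of the sshd role. I would word it as `# Abort when the host's version marker is newer than this role (guards against applying an outdated copy); false skips the check and the marker file`, and say "role" rather than "playbook" since the variable lives in a role's defaults.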
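Review bot: The outdated-version guard in tasks/main.yml fails open: `ignore_errors: yes` on the `slurp` task turns every read failure, not only a missing marker, into the `default(...)` branch, and the final `copy` then overwrites the marker with the local number. A marker whose content is not a number behaves the same way, because Jinja's `int` filter returns 0 for unparsable input and the `fail` condition is then false. Checking for the file with `stat` and slurping only when it exists keeps the first-run case working while letting real read errors stop the play. The `copy` task would also benefit from an explicit `owner: root`, `group: root` and `mode: '0644'`, since later runs trust this file, and the first task's `mode: 0755` is better written quoted as `mode: '0755'`.

```yaml
- name: Check whether a version marker is already deployed
  become: true
  stat:
    path: "{{ playbook_version_path }}"
  register: playbook_version_file
  when: submodules_versioncheck

- name: check playbook version
  become: true
  slurp:
    src: "{{ playbook_version_path }}"
  register: playbook_version
  when:
    - submodules_versioncheck
    - playbook_version_file.stat.exists
# … unchanged: Print version, Check if your version is outdated, write new version to remote disk …
```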
diff --git a/vars/default.yml b/vars/default.yml index d956930..46b99b4 100644 --- a/vars/default.yml +++ b/vars/default.yml @@ -1,4 +1,3 @@ --- - ssh_service: ssh diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..afc02dc --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,5 @@ +--- +playbook_version_number: 100 +playbook_version_path: '/etc/ansible-version/role-sshd_chaos-bodensee_github.com.version' + +
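Review bot: `playbook_version_number: 100` in the new vars/main.yml carries no comment, yet the tasks added in this commit compare it as an integer with the marker stored on the host and abort when the host's value is higher. A maintainer needs to know that it has to be raised with every release and must stay a plain integer, for example `# Integer release counter compared with the marker at playbook_version_path; increase on every release, never reuse or lower a value`. The file also ends with two empty added lines, which yamllint reports as trailing blank lines.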