autonomic.sshd/tasks/main.yml


---
# Fail early, with a readable message, when a required role variable is
# missing. Only sshd_user_accounts is checked here; sshd_port and
# sshd_permit_root_login are also read by later tasks and presumably get
# defaults elsewhere in the role (TODO confirm).
- name: Ensure mandatory variables are configured
  loop:
    - sshd_user_accounts
  assert:
    fail_msg: "You must define the '{{ item }}' variable"
    # The variable name is templated into the expression before it is
    # evaluated, so this tests the variable named by item, not item itself.
    that: "{{ item }} is defined"
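# Turn off direct root logins unless the role is told to permit them.
# Caveats for reviewers: lineinfile rewrites only the last line matching
# regexp, while sshd keeps the first value it reads for a keyword, so an
# earlier duplicate line or a file pulled in by an Include directive can still
# take precedence. When nothing matches, the line is appended at the end of
# the file, where a trailing Match block would make it conditional.
- name: Disable root SSH login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?PermitRootLogin"
    line: "PermitRootLogin no"
    # Test the edited copy before it replaces the live file, so a config that
    # sshd rejects never reaches the notified restart. sshd -t also checks the
    # host keys, so they must already exist on the target; adjust the binary
    # path if the platform installs sshd elsewhere.
    validate: "/usr/sbin/sshd -t -f %s"
  # "| bool" keeps a string value such as "false" (for example one passed
  # with -e on the command line) from being treated as true, which would skip
  # this task and leave root login as it was.
  when: not (sshd_permit_root_login | bool)
  notify: Restart SSH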
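# Force key-based logins by switching password authentication off.
# Caveats for reviewers:
#  - lineinfile rewrites only the last line matching regexp, while sshd keeps
#    the first value it reads for a keyword; an earlier duplicate line, or a
#    drop-in file pulled in by an Include directive, can still leave password
#    logins enabled. Confirm the effective value on the host with "sshd -T".
#  - PasswordAuthentication does not cover keyboard-interactive
#    authentication, which PAM can use to prompt for a password; that is a
#    separate sshd_config setting this role does not manage.
- name: Do not allow SSH access using passwords
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication"
    line: "PasswordAuthentication no"
    # Test the edited copy before it replaces the live file, so a config that
    # sshd rejects never reaches the notified restart. sshd -t also checks the
    # host keys, so they must already exist on the target; adjust the binary
    # path if the platform installs sshd elsewhere.
    validate: "/usr/sbin/sshd -t -f %s"
  notify: Restart SSH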
# Load the variables file whose path is given by sshd_user_accounts. The
# later tasks read a "members" variable, presumably defined by this file
# (TODO confirm against the role documentation).
- name: Include resource variables
  tags:
    # Note(d1): converge.yml already loads these variables, so this task is
    # tagged to be skipped under molecule.
    - molecule-notest
  include_vars:
    file: "{{ sshd_user_accounts }}"
# Build a single space-separated string from the username attribute of every
# entry in members; it is later written into the AllowUsers directive.
# NOTE(review): the usernames are used exactly as they appear in the vars
# file, and an empty members list yields an empty string.
- name: Register the list of members
  set_fact:
    members_list: >-
      {{ members | map(attribute='username') | list | join(' ') }}
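# Refuse to continue with an empty allow-list: depending on the OpenSSH
# version, an AllowUsers line without arguments may be rejected (sshd then
# fails to restart) or may impose no restriction at all.
- name: Ensure at least one member is allowed to log in
  assert:
    that: members_list | trim | length > 0
    fail_msg: "No usernames found in 'members'; refusing to write an empty AllowUsers line"
# Restrict SSH logins to the accounts collected in members_list.
# members_list is written verbatim: AllowUsers treats each entry as a
# pattern, so whitespace, wildcard or negation characters, or a USER@HOST
# form in a username change what is matched. Keep the accounts file under
# review. lineinfile rewrites only the last line matching regexp, and a line
# appended after a trailing Match block becomes conditional.
- name: "Only allow logins from {{ members_list }}"
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?AllowUsers"
    line: "AllowUsers {{ members_list }}"
    # Test the edited copy before it replaces the live file, so a config that
    # sshd rejects never reaches the notified restart. sshd -t also checks the
    # host keys, so they must already exist on the target; adjust the binary
    # path if the platform installs sshd elsewhere.
    validate: "/usr/sbin/sshd -t -f %s"
  notify: Restart SSH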
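# Set the port sshd listens on to sshd_port.
# NOTE(review): this task changes only sshd_config. Firewall rules and any
# SELinux port labelling for the new port are not handled in the tasks shown
# here, so confirm they are in place before the notified restart, or the host
# may become unreachable over SSH. sshd_port presumably has a default
# elsewhere in the role (TODO confirm).
- name: "Set SSH port to {{ sshd_port }}"
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?Port"
    line: "Port {{ sshd_port }}"
    # Test the edited copy before it replaces the live file, so a value that
    # sshd rejects (or a Port line appended inside a trailing Match block)
    # never reaches the notified restart. sshd -t also checks the host keys,
    # so they must already exist on the target; adjust the binary path if the
    # platform installs sshd elsewhere.
    validate: "/usr/sbin/sshd -t -f %s"
  notify: Restart SSH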