Overhaul reuse structure from role to task orientation
The overall config this will end up with is going to be nowhere near complicated enough to require the segmented structure of roles. A single directory of reusable tasks and resources will be much better
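--- a/tasks/sshd/banner.yml
+++ b/tasks/sshd/banner.yml
@@ -0,0 +1,7 @@
+---
+- name: Install SSH Banner
+become: true
+template:
+src: motd.j2
+dest: /etc/issue.net
+mode: 0644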
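Review bot: `mode: 0644` on the last line of the template task is an unquoted number, so the resulting permissions depend on the YAML loader reading the leading zero as octal; pass the mode as a string instead, `mode: "0644"`. The task also sets no `owner` or `group`, so ownership of /etc/issue.net is whatever already exists on the host. Because the companion sshd task points `Banner` at this file, adding `owner: root` and `group: root` would make the intended state of a file shown to connecting clients explicit.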
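--- a/tasks/sshd/secure.yml
+++ b/tasks/sshd/secure.yml
@@ -0,0 +1,29 @@
+---
+- name: Set parameters in sshd config
+become: true
+lineinfile:
+path: /etc/ssh/sshd_config
+regexp: "{{ item.match }}"
+line: "{{ item.set }}"
+state: present
+loop:
+- match: "#?PermitRootLogin (yes|no)"
+set: "PermitRootLogin no"
+- match: "#?Banner (none|/etc/issue.net)"
+set: "Banner /etc/issue.net"
+- match: "#?PasswordAuthentication (yes|no)"
+set: "PasswordAuthentication no"
+- match: "#?GSSAPIAuthentication (yes|no)"
+set: "GSSAPIAuthentication no"
+- match: "#?ChallengeResponseAuthentication (yes|no)"
+set: "ChallengeResponseAuthentication no"
+loop_control:
+label: "{{ item.set }}"
+register: _sshd_config_result
+
+- name: Restart sshd service
+when: _sshd_config_result.changed
+become: true
+systemd:
+name: sshd
+state: restarted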
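Review bot: The `match` patterns in the loop only recognise the values `yes` and `no` (or `none`/`/etc/issue.net` for Banner), so an existing line such as `PermitRootLogin prohibit-password` is not matched and lineinfile appends `PermitRootLogin no` at the end of the file instead of replacing it. sshd uses the first value it obtains for a keyword, and a line appended after a `Match` block is scoped to that block, so the hardening can end up silently ineffective. Anchor on the keyword rather than the value, e.g. `- match: '^#?\s*PermitRootLogin\s'`, and do the same for the other four entries. Adding `validate: /usr/sbin/sshd -t -f %s` to the lineinfile task would also keep a broken config from being written before the restart task runs; the sshd path is an assumption to confirm for the target hosts.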