roles/base/ssh/tasks/main.yml

   1 #####################################
   2 ### someone's ansible provisioner ###
   3 #####################################
   4 # Part of: https://git.somenet.org/root/pub/somesible.git
   5 # 2017-2024 by someone <someone@somenet.org>
   6 #
   7 ---
   8 - name: install sshd
   9   apt:
  10     pkg:
  11     - openssh-server
  12     state: present
  13     policy_rc_d: 101
  14   tags: "online"
  15   ignore_errors: "{{ignore_online_errors | bool}}"
  16
  17
  18 - name: copy sshd config
  19   copy:
  20     src: "{{item}}"
  21     dest: "/etc/ssh/sshd_config"
  22     mode: 0644
  23     owner: "root"
  24     group: "root"
  25     validate: /usr/sbin/sshd -t -f %s
  26   with_first_found:
  27     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sshd_config"
  28     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sshd_config"
  29     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sshd_config"
  30     - "default/sshd_config"
  31   notify: restart sshd.service
  32
  33
  34 - name: ensure group sudo exists - sudoers can use pw to login
  35   group:
  36     name: sudo
  37     system: yes
  38     state: present
  39
  40
  41 - name: enable and start ssh.service
  42   include_role: name="base/systemd/enable-and-start"
  43   vars:
  44     service_name: ssh.service