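#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone <someone@somenet.org>
#
# Tasks of the base/ssh role (roles/base/ssh/tasks/main.yml):
# install openssh-server, deploy a validated sshd_config, make sure the
# "sudo" group exists, then enable and start ssh.service.
---
# policy_rc_d: 101 forces policy-rc.d to answer "action forbidden", so the
# package install does not start the service by itself; presumably this is
# so sshd only comes up once the managed sshd_config below is in place
# - confirm.
# With ignore_online_errors true a failed install does not stop the play;
# the copy task below still needs /usr/sbin/sshd for its validate step and
# would fail there if the package is missing.
- name: install sshd
  apt:
    pkg:
      - openssh-server
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


# Source lookup order: host-specific file, group file, "all" group file,
# then the role's own default. The first three are resolved on the control
# node relative to the PWD environment variable, i.e. the directory ansible
# was started from; if none of them exists, default/sshd_config is deployed
# instead, so check which source was picked when running from another
# directory.
- name: copy sshd config
  copy:
    src: "{{item}}"
    dest: "/etc/ssh/sshd_config"
    # Quoted so the module receives the string "0644" no matter how the YAML
    # loader types a bare number with a leading zero.
    mode: "0644"
    owner: "root"
    group: "root"
    # sshd -t test-parses the candidate file (%s is the temporary copy) before
    # it replaces the live config. This rejects syntax errors and unknown
    # options only; it says nothing about how strict the settings are, so the
    # authentication policy has to be reviewed in the sshd_config sources.
    validate: "/usr/sbin/sshd -t -f %s"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sshd_config"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sshd_config"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sshd_config"
    - "default/sshd_config"
  # Handler is defined outside this file.
  notify: restart sshd.service


# NOTE(review): the task name implies the deployed sshd_config lets members
# of group "sudo" log in with a password - the config itself is not part of
# this file, confirm there. If so, membership of this group decides who is
# reachable by password login and should be kept small.
- name: ensure group sudo exists - sudoers can use pw to login
  group:
    name: sudo
    system: true
    state: present


# Delegates to the shared base/systemd/enable-and-start role, passing the
# unit name through service_name.
- name: enable and start ssh.service
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: "ssh.service"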