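---
# Deploys /etc/ssh/sshd_config plus two drop-in includes under
# /etc/ssh/sshd_config.d/, checks the combined result with `sshd -t`,
# and reloads the ssh service when any of the three files changed.
- name: Deploy complete SSH server configuration
  hosts: all
  become: true
  gather_facts: false

  tasks:
    # `validate` runs sshd's syntax test against the rendered temporary
    # file (%s) before it is copied into place. A template that does not
    # parse is rejected and the file already on disk is left untouched,
    # so a later restart or reboot cannot pick up a broken config.
    - name: Deploy base /etc/ssh/sshd_config file
      template:
        src: templates/sshd/sshd_config.j2
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        # NOTE(review): world-readable. Hardening baselines (e.g. CIS)
        # ask for 0600 here; confirm nothing unprivileged reads this
        # file before tightening.
        mode: "0644"
        validate: sshd -t -f %s
      notify: Reload SSH

    # NOTE(review): the drop-ins are validated standalone, which only
    # proves each snippet parses on its own; the final `sshd -t` task
    # is still what checks the combined configuration.
    - name: Deploy hardened global ssh config include
      template:
        src: templates/sshd/00-global.conf.j2
        dest: /etc/ssh/sshd_config.d/00-global.conf
        owner: root
        group: root
        mode: "0644"
        validate: sshd -t -f %s
      notify: Reload SSH

    # NOTE(review): judging by its name, this include re-enables
    # password logins for LAN clients; the template is not visible
    # here. Confirm the relaxation sits inside a Match block limited to
    # the intended source ranges, and that NAT, VPN or jump-host traffic
    # does not reach sshd with an address inside those ranges.
    - name: Deploy LAN password bypass config include
      template:
        src: templates/sshd/99-lan-bypass.conf.j2
        dest: /etc/ssh/sshd_config.d/99-lan-bypass.conf
        owner: root
        group: root
        mode: "0644"
        validate: sshd -t -f %s
      notify: Reload SSH

    # Checks the installed configuration as sshd will actually load it.
    # Read-only, hence changed_when: false. A failure here stops the
    # play for that host before the handler runs, so the running daemon
    # keeps its previous configuration.
    - name: Validate sshd configuration syntax
      command: sshd -t
      changed_when: false

  handlers:
    # Reload rather than restart, as `state: reloaded` requests.
    # NOTE(review): the unit is called `ssh` on Debian/Ubuntu and `sshd`
    # on RHEL-family hosts; confirm this matches the `all` inventory.
    - name: Reload SSH
      service:
        name: ssh
        state: reloaded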