From 2c24ade9131a5d34845fd56acf20229c5d61420b Mon Sep 17 00:00:00 2001
From: michael
Date: Sat, 3 Sep 2022 00:35:35 +1200
Subject: [PATCH] sshd
---
 ansible/group_vars/all.yaml | 1 +
 ansible/host_vars/lab.yaml | 6 +++++
 ansible/playbooks/lab.yaml | 9 ++++++++
 ansible/roles/sshd/handlers/main.yml | 9 ++++++++
 ansible/roles/sshd/tasks/main.yml | 33 +++++++++++++++++++++++++++-
 5 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 ansible/group_vars/all.yaml
 create mode 100644 ansible/host_vars/lab.yaml
 create mode 100644 ansible/playbooks/lab.yaml
 create mode 100644 ansible/roles/sshd/handlers/main.yml
diff --git a/ansible/group_vars/all.yaml b/ansible/group_vars/all.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/group_vars/all.yaml
@@ -0,0 +1 @@
+---
diff --git a/ansible/host_vars/lab.yaml b/ansible/host_vars/lab.yaml
new file mode 100644
index 0000000..8120458
--- /dev/null
+++ b/ansible/host_vars/lab.yaml
@@ -0,0 +1,6 @@
+---
+
+# sshd
+
+authorized_keys_file: lab_authorized_keys
+openssh_configuration_src: sshd_config_arch
\ No newline at end of file
diff --git a/ansible/playbooks/lab.yaml b/ansible/playbooks/lab.yaml
new file mode 100644
index 0000000..608d77e
--- /dev/null
+++ b/ansible/playbooks/lab.yaml
@@ -0,0 +1,9 @@
+---
+- name: Configure lab host
+ gather_facts: true
+ hosts: lab
+ become: true
+
+ roles:
+ - sshd
+ - firewall
\ No newline at end of file
diff --git a/ansible/roles/sshd/handlers/main.yml b/ansible/roles/sshd/handlers/main.yml
new file mode 100644
index 0000000..ea8be4f
--- /dev/null
+++ b/ansible/roles/sshd/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: restart openssh
+ ansible.builtin.service:
+ name: "{{ openssh_service }}"
+ state: restarted
+ when:
+ - not ansible_check_mode
+ - not openssh_restart_immediately
\ No newline at end of file
diff --git a/ansible/roles/sshd/tasks/main.yml b/ansible/roles/sshd/tasks/main.yml
index 9e2beaa..8d4340e 100644
--- a/ansible/roles/sshd/tasks/main.yml
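Review bot: The `restart openssh` handler in ansible/roles/sshd/handlers/main.yml is gated on `not openssh_restart_immediately`, while the only `flush_handlers` in tasks/main.yml runs `when: openssh_restart_immediately`, so with the variable true the flush evaluates the handler and skips it. Unless another task outside this patch restarts the service, a changed sshd_config is then never loaded and the host keeps running the previous settings while the play reports success. The flush task already decides when the restart happens, so the handler's `when` can be reduced to `- not ansible_check_mode`. `openssh_restart_immediately` and `openssh_service` are not defined in this patch; presumably they come from role defaults, so confirm both have a value for every host.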
+++ b/ansible/roles/sshd/tasks/main.yml
@@ -4,4 +4,35 @@
 name: "{{ openssh_packages }}"
 state: latest
 update_cache: true
- reason: explicit
\ No newline at end of file
+ reason: explicit
+ when:
+ - ansible_os_family == 'Arch'
+
+- name: add authorized keys
+ ansible.builtin.copy:
+ dest: "/home/{{ ansible_user }}/.ssh/authorized_keys"
+ src: "{{ authorized_keys_file }}"
+ mode: 0600
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+
+- name: configure openssh
+ ansible.builtin.copy:
+ dest: "{{ openssh_configuration_file }}"
+ src: "{{ openssh_configuration_src }}"
+ mode: "{{ openssh_configuration_mode }}"
+ owner: root
+ group: root
+ notify:
+ - restart openssh
+
+- name: start and enable openssh
+ ansible.builtin.service:
+ name: "{{ openssh_service }}"
+ state: started
+ enabled: yes
+
+- name: flush handlers
+ ansible.builtin.meta: flush_handlers
+ when:
+ - openssh_restart_immediately
\ No newline at end of file
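Review bot: The new `when: ansible_os_family == 'Arch'` on the package task looks like it never matches, because Ansible reports Arch Linux hosts with `ansible_os_family` set to `Archlinux`; the `state: latest` OpenSSH install would then be skipped on every host, and `- ansible_os_family == 'Archlinux'` is the likely intent. That task begins above the hunk, so its module line is not visible here. `configure openssh` copies the sshd configuration into place with no syntax check, so a mistake in `{{ openssh_configuration_src }}` is only discovered when the restart fails, which on a remotely managed host can cost SSH access; adding `validate: sshd -t -f %s` to the copy keeps the old file on failure (note that `sshd -t` needs host keys to exist, which may not hold before the first service start). `add authorized keys` assumes `/home/{{ ansible_user }}/.ssh` already exists and overwrites the whole file, so a preceding `ansible.builtin.file` task with `state: directory` and `mode: "0700"` would make the precondition explicit.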