sshd

2022-09-03 00:35:35 +12:00 · 2022-09-03 00:35:35 +12:00 · 2c24ade913
commit 2c24ade913
parent 424fe250d8
5 changed files with 57 additions and 1 deletions
--- a/ansible/group_vars/all.yaml
+++ b/ansible/group_vars/all.yaml
@ -0,0 +1 @@
+---
--- a/ansible/host_vars/lab.yaml
+++ b/ansible/host_vars/lab.yaml
@ -0,0 +1,6 @@
+---
+
+# sshd
+
+authorized_keys_file: lab_authorized_keys
+openssh_configuration_src: sshd_config_arch
--- a/ansible/playbooks/lab.yaml
+++ b/ansible/playbooks/lab.yaml
@ -0,0 +1,9 @@
+---
+- name: Configure lab host
+  gather_facts: true
+  hosts: lab
+  become: true
+
+  roles:
+    - sshd
+    - firewall
--- a/ansible/roles/sshd/handlers/main.yml
+++ b/ansible/roles/sshd/handlers/main.yml
@ -0,0 +1,9 @@
+---
+
+- name: restart openssh
+  ansible.builtin.service:
+    name: "{{ openssh_service }}"
+    state: restarted
+  when:
+    - not ansible_check_mode
+    - not openssh_restart_immediately
--- a/ansible/roles/sshd/tasks/main.yml
+++ b/ansible/roles/sshd/tasks/main.yml
@ -4,4 +4,35 @@
    name: "{{ openssh_packages }}"
    state: latest
    update_cache: true
-    reason: explicit
+    reason: explicit
+  when:
+    - ansible_os_family == 'Arch'
+
+- name: add authorized keys
+  ansible.builtin.copy:
+    dest: "/home/{{ ansible_user }}/.ssh/authorized_keys"
+    src: "{{ authorized_keys_file }}"
+    mode: 0600
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+
+- name: configure openssh
+  ansible.builtin.copy:
+    dest: "{{ openssh_configuration_file }}"
+    src: "{{ openssh_configuration_src }}"
+    mode: "{{ openssh_configuration_mode }}"
+    owner: root
+    group: root
+  notify:
+    - restart openssh
+
+- name: start and enable openssh
+  ansible.builtin.service:
+    name: "{{ openssh_service }}"
+    state: started
+    enabled: yes
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+  when:
+    - openssh_restart_immediately