Ethan Paul
f1639dce1e
The overall config this will end up with is going to be nowhere near complicated enough to require the segmented structure of roles. A single directory of reusable tasks and resources will be much better
30 lines
824 B
YAML
30 lines
824 B
YAML
---
|
|
- name: Set parameters in sshd config
|
|
become: true
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "{{ item.match }}"
|
|
line: "{{ item.set }}"
|
|
state: present
|
|
loop:
|
|
- match: "#?PermitRootLogin (yes|no)"
|
|
set: "PermitRootLogin no"
|
|
- match: "#?Banner (none|/etc/issue.net)"
|
|
set: "Banner /etc/issue.net"
|
|
- match: "#?PasswordAuthentication (yes|no)"
|
|
set: "PasswordAuthentication no"
|
|
- match: "#?GSSAPIAuthentication (yes|no)"
|
|
set: "GSSAPIAuthentication no"
|
|
- match: "#?ChallengeResponseAuthentication (yes|no)"
|
|
set: "ChallengeResponseAuthentication no"
|
|
loop_control:
|
|
label: "{{ item.set }}"
|
|
register: _sshd_config_result
|
|
|
|
- name: Restart sshd service
|
|
when: _sshd_config_result.changed
|
|
become: true
|
|
systemd:
|
|
name: sshd
|
|
state: restarted
|