Ethan Paul
96ea66b77a
Split server-specific configs out into server role Add symlink to roles for playbook directory
45 lines
1.3 KiB
YAML
45 lines
1.3 KiB
YAML
---
|
|
- name: Configure SSH authentication settings
|
|
become: true
|
|
ansible.builtin.replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "{{ item.regex }}"
|
|
replace: "{{ item.value }}"
|
|
notify: [restart-sshd]
|
|
loop:
|
|
- name: disable root login
|
|
regex: "^.*PermitRootLogin (yes|no).*$"
|
|
value: PermitRootLogin no
|
|
- name: disable password auth
|
|
regex: "^.*PasswordAuthentication (yes|no).*$"
|
|
value: PasswordAuthentication no
|
|
- name: disable challenge response auth
|
|
regex: "^.*ChallengeResponseAuthentication (yes|no).*$"
|
|
value: ChallengeResponseAuthentication no
|
|
- name: disable GSSAPI auth
|
|
regex: "^.*GSSAPIAuthentication (yes|no).*$"
|
|
value: GSSAPIAuthentication no
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
|
|
- name: Disable dynamic MOTD on debian systems
|
|
when: ansible_os_family == "Debian"
|
|
ansible.builtin.replace:
|
|
path: /etc/pam.d/sshd
|
|
regexp: "^session optional pam_motd.so motd=/run/motd.dynamic"
|
|
replace: "#session optional pam_motd.so motd=/run/motd.dynamic"
|
|
|
|
- name: Disable Cockpit activation message on Rocky
|
|
when: ansible_distribution == "Rocky"
|
|
become: true
|
|
ansible.builtin.file:
|
|
path: /etc/motd.d/cockpit
|
|
state: absent
|
|
|
|
- name: Copy MOTD to remote
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: motd.j2
|
|
dest: /etc/motd
|
|
mode: 0644
|