From 4a1aca4621f7d2a96f4bbf1e98d0040a2b275a29 Mon Sep 17 00:00:00 2001 From: Patrick Neff Date: Tue, 25 Jan 2022 10:41:33 +0100 Subject: [PATCH] initial commit --- .vscode/settings.json | 5 +++++ defaults/main.yml | 3 +++ handlers/main.yml | 4 ++++ meta/main.yml | 1 + tasks/Arch.yml | 13 +++++++++++++ tasks/Debian.yml | 13 +++++++++++++ tasks/Raspbian.yml | 13 +++++++++++++ tasks/main.yml | 17 +++++++++++++++++ 8 files changed, 69 insertions(+) create mode 100644 .vscode/settings.json create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/Arch.yml create mode 100644 tasks/Debian.yml create mode 100644 tasks/Raspbian.yml create mode 100644 tasks/main.yml diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..237ad63 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "files.associations": { + "*.yml": "ansible" + } +} diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..0f20b6d --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,3 @@ +ssh_port: "22" +ssh_password_authentication: "no" +ssh_permit_root_login: "no" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..6aece4f --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart sshd + ansible.builtin.service: + name: "{{ ssh_service }}" + state: restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..32cf5dd --- /dev/null +++ b/meta/main.yml @@ -0,0 +1 @@ +dependencies: [] diff --git a/tasks/Arch.yml b/tasks/Arch.yml new file mode 100644 index 0000000..2b831de --- /dev/null +++ b/tasks/Arch.yml @@ -0,0 +1,13 @@ +- name: Ensure package is installed. + ansible.builtin.package: + name: openssh + state: present + +- set_fact: + ssh_service: sshd + +- name: Enable service. + ansible.builtin.service: + name: "{{ ssh_service }}" + enabled: true + state: started diff --git a/tasks/Debian.yml b/tasks/Debian.yml new file mode 100644 index 0000000..45779c0 --- /dev/null +++ b/tasks/Debian.yml @@ -0,0 +1,13 @@ +- name: Ensure package is installed. + ansible.builtin.package: + name: ssh + state: present + +- set_fact: + ssh_service: sshd + +- name: Enable service. + ansible.builtin.service: + name: "{{ ssh_service }}" + enabled: true + state: started diff --git a/tasks/Raspbian.yml b/tasks/Raspbian.yml new file mode 100644 index 0000000..45779c0 --- /dev/null +++ b/tasks/Raspbian.yml @@ -0,0 +1,13 @@ +- name: Ensure package is installed. + ansible.builtin.package: + name: ssh + state: present + +- set_fact: + ssh_service: sshd + +- name: Enable service. + ansible.builtin.service: + name: "{{ ssh_service }}" + enabled: true + state: started diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..d2bbc1d --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,17 @@ +- ansible.builtin.include_tasks: "{{ ansible_lsb['id'] }}.yml" + +- name: Ensure sshd_config is setup. + ansible.builtin.lineinfile: + path: /etc/ssh/sshd_config + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + validate: "/usr/sbin/sshd -T -f %s" + with_items: + - regexp: "^#?PasswordAuthentication" + line: "PasswordAuthentication {{ ssh_password_authentication }}" + - regexp: "^#?PermitRootLogin" + line: "PermitRootLogin {{ ssh_permit_root_login }}" + - regexp: "^#?Port" + line: "Port {{ ssh_port }}" + notify: + - restart sshd