---
 # Arch Linux family only: make sure the "openssh" package is installed.
 - name: SSH (ArchLinux)
   when: ansible_os_family == "Archlinux"
   become: true
   package:
     name:
       - openssh
     state: present
 # Debian family (the task name says Raspbian): make sure both the OpenSSH
 # server and client packages are installed.
 - name: SSH (Raspbian)
   when: ansible_os_family == "Debian"
   become: true
   package:
     name:
       - openssh-server
       - openssh-client
     state: present
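 # Set the immutable file attribute on the listed sshd host key files so they
 # cannot be modified, replaced or deleted until the attribute is cleared.
 # NOTE(review): only the ed25519 and rsa host keys are listed; confirm this
 # matches the HostKey lines of the deployed sshd_config, since any other
 # host key file under /etc/ssh stays unprotected.
 # NOTE(review): a planned host key rotation has to clear the attribute
 # first, and this task presumably fails if a listed file does not exist
 # yet - confirm the keys are generated before this point on every distro.
 - name: Mark SSH keys as immutable
   become: true
   file:
     path: "{{ item }}"
     # A bare "i" is applied as "=i", which replaces the file's whole
     # attribute set. "+i" only adds the immutable flag and leaves any
     # other attributes untouched.
     attributes: "+i"
   loop:
     - /etc/ssh/ssh_host_ed25519_key
     - /etc/ssh/ssh_host_ed25519_key.pub
     - /etc/ssh/ssh_host_rsa_key
     - /etc/ssh/ssh_host_rsa_key.pub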
 # Create the local groups "ssh" and "sftp".
 # NOTE(review): presumably these are the groups the deployed sshd_config
 # uses to gate logins (AllowGroups / Match Group) - that file is not
 # visible here, confirm the names agree.
 - name: Add SSH control groups
   become: true
   loop:
     - ssh
     - sftp
   group:
     state: present
     name: "{{ item }}"
 # Add the account named by the ansible_user_id fact to the "ssh" group.
 # "append: true" keeps the account's existing supplementary groups.
 # NOTE(review): ansible_user_id reflects the user that gathered facts; if
 # facts are gathered with privilege escalation this resolves to root
 # rather than the login account - confirm against the play.
 # NOTE(review): if sshd_config restricts logins to this group, this task
 # has to succeed before sshd is restarted or the login account is
 # locked out; the task order in this file does that.
 - name: Add SSH user to ssh group
   become: true
   user:
     append: true
     groups: ssh
     name: "{{ ansible_user_id }}"
 # Authorise the deploy public key for the ansible_user_id account. The key
 # is read on the control machine from $HOME/.ssh/deploy.pub.
 # This task has no "become", so it runs as the connecting user.
 # "state: present" only adds the key; entries already in authorized_keys
 # are left in place, so stale keys have to be removed by other means.
 - name: Copy the SSH key
   authorized_key:
     key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/deploy.pub') }}"
     state: present
     user: "{{ ansible_user_id }}"
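 # Install the system-wide OpenSSH client configuration from the local
 # "ssh_config" source file.
 - name: SSH Config
   become: true
   copy:
     src: ssh_config
     dest: /etc/ssh/ssh_config
     # Pin ownership and mode instead of inheriting them from the umask or
     # from whatever file is already there: unprivileged ssh clients must
     # be able to read this file, but only root may change it.
     owner: root
     group: root
     mode: "0644"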
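 # Install the system-wide known_hosts file from the local
 # "ssh_known_hosts" source file. The ssh client trusts the host keys
 # listed here, so write access to it must stay limited to root.
 - name: Known hosts
   become: true
   copy:
     src: ssh_known_hosts
     dest: /etc/ssh/ssh_known_hosts
     # Pin ownership and mode instead of inheriting them from the umask or
     # from whatever file is already there: world-readable so every user's
     # ssh client can verify hosts, writable by root only.
     owner: root
     group: root
     mode: "0644"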
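 # Install the sshd server configuration from the local "sshd_config"
 # source file. The result is registered as "sshd_config" so the restart
 # tasks below can check whether the file changed.
 - name: SSHD Config
   become: true
   register: sshd_config
   copy:
     src: sshd_config
     dest: /etc/ssh/sshd_config
     # Pin ownership and mode instead of inheriting them from the umask or
     # from whatever file is already there; only sshd, running as root,
     # needs to read this file.
     owner: root
     group: root
     mode: "0600"
     # Syntax-check the new file before it replaces the live one, so a
     # broken config is rejected here instead of taking sshd down on the
     # next restart and locking out remote access.
     # NOTE(review): confirm this sshd path resolves on every target
     # distro and that the check's prerequisites (host keys, privilege
     # separation directory) exist at this point in the run.
     validate: /usr/sbin/sshd -t -f %s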
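 # Create /etc/ssh/includes, owned by root and writable by root only.
 # NOTE(review): presumably the deployed sshd_config pulls snippets from
 # this directory via an Include line - that file is not visible here.
 # Anything dropped here would then become sshd policy, so the directory
 # must not be writable by group or others.
 - name: Allow SSHD Includes
   become: true
   file:
     path: /etc/ssh/includes
     state: directory
     owner: root
     group: root
     # Quoted so the mode is passed as the string "0755" and does not
     # depend on how the YAML parser types a leading-zero number.
     mode: "0755"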
 # Arch Linux family: restart the "sshd" unit and enable it at boot, but
 # only when the "SSHD Config" task reported a change.
 # NOTE(review): because the whole task is gated on sshd_config.changed,
 # "enabled" is also only enforced on runs where the config changed.
 - name: Restart SSHD (ArchLinux)
   when:
     - ansible_os_family == "Archlinux"
     - sshd_config.changed
   become: true
   service:
     name: sshd
     enabled: true
     state: restarted
 # Debian family: restart the "ssh" unit and enable it at boot, but only
 # when the "SSHD Config" task reported a change.
 # NOTE(review): because the whole task is gated on sshd_config.changed,
 # "enabled" is also only enforced on runs where the config changed.
 - name: Restart SSHD (Raspbian)
   when:
     - ansible_os_family == "Debian"
     - sshd_config.changed
   become: true
   service:
     name: ssh
     enabled: true
     state: restarted