tag sshd added. ohmyzsh shows no diff.

2024-03-28 12:10:26 +01:00 · 2024-03-28 12:10:26 +01:00 · 3c9bc14f6b
parent 70cf4caf0d
commit 3c9bc14f6b
2 changed files with 13 additions and 0 deletions
--- a/tasks/ohmyzsh.yml
+++ b/tasks/ohmyzsh.yml
@ -1,5 +1,6 @@
 - name: oh my zsh
  tags: ohmyzsh
+  diff: false
  git:
    repo: https://github.com/ohmyzsh/ohmyzsh
    dest: /usr/share/oh-my-zsh
--- a/tasks/sshd_config.yml
+++ b/tasks/sshd_config.yml
@ -2,10 +2,12 @@
 # vim: set expandtab tabstop=2 shiftwidth=2:

 - name: 'check sshd include option'
+  tags: sshd
  command: 'sshd -o "include /dev/null"'
  register: sshd_include_option_check
  failed_when: 'sshd_include_option_check.rc not in [1,255] or sshd_include_option_check.stderr not in ["Include directive not supported as a command-line option", "command-line: line 0: Bad configuration option: include"]'
 - name: Use only supported Ciphers, Kex Algorithms and Macs of the configured ones
+  tags: sshd
  set_fact:
    sshd_ciphers_: '{{cd|join(",")}}'
    sshd_kex_algorithms_: '{{kd|join(",")}}'
@ -29,8 +31,10 @@
  - '[] == sshd_kex_algorithms_'
  - '[] == sshd_macs_'
 - when: 'true == sshd_include_option'
+  tags: sshd
  block:
  - name: '/etc/ssh/sshd_config.d'
+    tags: sshd
    file:
      state: directory
      path: '/etc/ssh/sshd_config.d'
@ -38,6 +42,7 @@
      group: root
      mode: 0644
  - name: 'sshd_config.d/99-default.conf'
+    tags: sshd
    template:
      src:  'sshd-default.conf.j2'
      dest: '/etc/ssh/sshd_config.d/99-default.conf'
@ -50,9 +55,12 @@
      regexp:       '^\s*include\s+/etc/ssh/sshd_config.d/'
      line:         'include /etc/ssh/sshd_config.d/*.conf'
      firstmatch:   true
+    tags: sshd
 - when: 'false == sshd_include_option'
+  tags: sshd
  block:
  - name: sshd_config
+    tags: sshd
    lineinfile:
      path:        /etc/ssh/sshd_config
      insertafter: '^\s*#\s*{{item.key}}\s+'
@ -70,24 +78,28 @@
      MACs:                   '{{sshd_macs_}}'
      KexAlgorithms:          '{{sshd_kex_algorithms_}}'
  - name: sshd_config
+    tags: sshd
    lineinfile:
      path:        /etc/ssh/sshd_config
      insertbefore: '\s*#?\s*HostKey\s+'
      regexp:       '^# HostKeys for protocol'
      line:         '# HostKeys for protocol'
  - name: sshd_config - prefer ed25519
+    tags: sshd
    lineinfile:
      path:        /etc/ssh/sshd_config
      insertafter: '^# HostKeys for protocol'
      regexp:      '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
      line:        'HostKey /etc/ssh/ssh_host_ed25519_key'
  - name: sshd_config - fallback rsa
+    tags: sshd
    lineinfile:
      path:        /etc/ssh/sshd_config
      insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
      regexp:      '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$'
      line:        'HostKey /etc/ssh/ssh_host_rsa_key'
  - name: 'sshd_config - absent dsa / ecdsa'
+    tags: sshd
    lineinfile:
      path:   /etc/ssh/sshd_config
      state:  absent