From 3c9bc14f6b740054aaf7c04fb13fb7576ec0b6e4 Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Thu, 28 Mar 2024 12:10:26 +0100
Subject: [PATCH] tag sshd added. ohmyzsh shows no diff.

---
 tasks/ohmyzsh.yml | 1 +
 tasks/sshd_config.yml | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/tasks/ohmyzsh.yml b/tasks/ohmyzsh.yml
index 910efb4..61302ea 100644
--- a/tasks/ohmyzsh.yml
+++ b/tasks/ohmyzsh.yml
@@ -1,5 +1,6 @@
 - name: oh my zsh
 tags: ohmyzsh
+ diff: false
 git:
 repo: https://github.com/ohmyzsh/ohmyzsh
 dest: /usr/share/oh-my-zsh
diff --git a/tasks/sshd_config.yml b/tasks/sshd_config.yml
index 9c2d76c..d17d0bb 100644
--- a/tasks/sshd_config.yml
+++ b/tasks/sshd_config.yml
@@ -2,10 +2,12 @@
 # vim: set expandtab tabstop=2 shiftwidth=2:
 - name: 'check sshd include option'
+ tags: sshd
 command: 'sshd -o "include /dev/null"'
 register: sshd_include_option_check
 failed_when: 'sshd_include_option_check.rc not in [1,255] or sshd_include_option_check.stderr not in ["Include directive not supported as a command-line option", "command-line: line 0: Bad configuration option: include"]'
 - name: Use only supported Ciphers, Kex Algorithms and Macs of the configured ones
+ tags: sshd
 set_fact:
 sshd_ciphers_: '{{cd|join(",")}}'
 sshd_kex_algorithms_: '{{kd|join(",")}}'
@@ -29,8 +31,10 @@
 - '[] == sshd_kex_algorithms_'
 - '[] == sshd_macs_'
 - when: 'true == sshd_include_option'
+ tags: sshd
 block:
 - name: '/etc/ssh/sshd_config.d'
+ tags: sshd
 file:
 state: directory
 path: '/etc/ssh/sshd_config.d'
@@ -38,6 +42,7 @@
 group: root
 mode: 0644
 - name: 'sshd_config.d/99-default.conf'
+ tags: sshd
 template:
 src: 'sshd-default.conf.j2'
 dest: '/etc/ssh/sshd_config.d/99-default.conf'
@@ -50,9 +55,12 @@
 regexp: '^\s*include\s+/etc/ssh/sshd_config.d/'
 line: 'include /etc/ssh/sshd_config.d/*.conf'
 firstmatch: true
+ tags: sshd
 - when: 'false == sshd_include_option'
+ tags: sshd
 block:
 - name: sshd_config
+ tags: sshd
 lineinfile:
 path: /etc/ssh/sshd_config
 insertafter: '^\s*#\s*{{item.key}}\s+'
@@ -70,24 +78,28 @@
 MACs: '{{sshd_macs_}}'
 KexAlgorithms: '{{sshd_kex_algorithms_}}'
 - name: sshd_config
+ tags: sshd
 lineinfile:
 path: /etc/ssh/sshd_config
 insertbefore: '\s*#?\s*HostKey\s+'
 regexp: '^# HostKeys for protocol'
 line: '# HostKeys for protocol'
 - name: sshd_config - prefer ed25519
+ tags: sshd
 lineinfile:
 path: /etc/ssh/sshd_config
 insertafter: '^# HostKeys for protocol'
 regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
 line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
 - name: sshd_config - fallback rsa
+ tags: sshd
 lineinfile:
 path: /etc/ssh/sshd_config
 insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
 regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$'
 line: 'HostKey /etc/ssh/ssh_host_rsa_key'
 - name: 'sshd_config - absent dsa / ecdsa'
+ tags: sshd
 lineinfile:
 path: /etc/ssh/sshd_config
 state: absent
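Review bot: The new `diff: false` on the oh-my-zsh git task silences diff output without recording why; the commit message says the git module shows no useful diff, but that reasoning is invisible to the next reader of tasks/ohmyzsh.yml. Add a one-line comment above it, `# git module reports no meaningful diff; suppress the noise`, so nobody later "fixes" it by removing the line. The git task's remaining arguments continue past the end of the hunk.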
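Review bot: Tagging only the tasks this commit touches leaves a gap in tasks/sshd_config.yml: the second hunk covers old lines 2–11 and the third starts at old line 29, so the task(s) in between — at least the one whose assertion list ends with `- '[] == sshd_macs_'`, and presumably the step that derives `sshd_include_option` from `sshd_include_option_check` — receive no `tags: sshd`. An `ansible-playbook --tags sshd` run would skip them and then evaluate `when: 'true == sshd_include_option'` against an undefined variable, or apply cipher settings that were never validated. Either tag those tasks as well, or tag the whole file once where it is imported (`- import_tasks: sshd_config.yml` with `tags: sshd`) instead of per task. The `check sshd include option` task also runs a `command` on every play and will always report changed; adding `changed_when: false` next to the new tag keeps `--tags sshd` runs idempotent.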
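Review bot: The `tags: sshd` added to `- name: '/etc/ssh/sshd_config.d'` inside the block is redundant: Ansible applies a block's tags to every task it contains, so the `tags: sshd` added to the `- when: 'true == sshd_include_option'` block already selects it. The same applies to the nested `sshd_config.d/99-default.conf` task in the next hunk and to the nested tasks in both hunks of the `false == sshd_include_option` block. Keeping the tag only on the two block headers and on the top-level tasks gives the same selection with fewer lines to keep in sync.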
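Review bot: The `tags: sshd` added after `firstmatch: true` sits at the end of that lineinfile task, below its module arguments, while every other hunk places it directly under `name:`; a reader scanning task headers will not see it. Move it up beside the task's `name:` line for consistency — that task's header is outside the hunk, so the move cannot be shown here.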
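Review bot: With the sshd tasks now selectable as a unit through `--tags sshd`, the `lineinfile` edits of `/etc/ssh/sshd_config` still have no safety net: the `prefer ed25519` and `fallback rsa` tasks show all their arguments in this hunk and neither carries `validate:`, so a malformed `HostKey` line is written to the live config and only noticed when sshd fails to reload. Adding `validate: 'sshd -t -f %s'` to each `lineinfile` on that file makes the module reject a config that sshd itself cannot parse before it is moved into place. The `absent dsa / ecdsa` task continues past the end of the hunk, so its remaining arguments cannot be checked here.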