tag sshd added. ohmyzsh shows no diff.

Denis Knauf 2024-03-28 12:10:26 +01:00
parent 70cf4caf0d
commit 3c9bc14f6b
2 changed files with 13 additions and 0 deletions


@ -1,5 +1,6 @@
- name: oh my zsh - name: oh my zsh
tags: ohmyzsh tags: ohmyzsh
diff: false
git: git:
repo: https://github.com/ohmyzsh/ohmyzsh repo: https://github.com/ohmyzsh/ohmyzsh
dest: /usr/share/oh-my-zsh dest: /usr/share/oh-my-zsh
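Review bot: The added `diff: false` silences whatever the git task would report in `--diff` runs about the checkout changing, and the visible lines show no `version:` pin for the clone into `/usr/share/oh-my-zsh`. The task continues past the hunk, so a pin may exist below. If it does not, set `version:` to a reviewed commit or tag, so that updates to this system-wide shell code stay deliberate now that the diff output is suppressed. A one-line comment above `diff: false` stating why the diff is turned off would also help the next reader.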


@ -2,10 +2,12 @@
# vim: set expandtab tabstop=2 shiftwidth=2: # vim: set expandtab tabstop=2 shiftwidth=2:
- name: 'check sshd include option' - name: 'check sshd include option'
tags: sshd
command: 'sshd -o "include /dev/null"' command: 'sshd -o "include /dev/null"'
register: sshd_include_option_check register: sshd_include_option_check
failed_when: 'sshd_include_option_check.rc not in [1,255] or sshd_include_option_check.stderr not in ["Include directive not supported as a command-line option", "command-line: line 0: Bad configuration option: include"]' failed_when: 'sshd_include_option_check.rc not in [1,255] or sshd_include_option_check.stderr not in ["Include directive not supported as a command-line option", "command-line: line 0: Bad configuration option: include"]'
- name: Use only supported Ciphers, Kex Algorithms and Macs of the configured ones - name: Use only supported Ciphers, Kex Algorithms and Macs of the configured ones
tags: sshd
set_fact: set_fact:
sshd_ciphers_: '{{cd|join(",")}}' sshd_ciphers_: '{{cd|join(",")}}'
sshd_kex_algorithms_: '{{kd|join(",")}}' sshd_kex_algorithms_: '{{kd|join(",")}}'
@ -29,8 +31,10 @@
- '[] == sshd_kex_algorithms_' - '[] == sshd_kex_algorithms_'
- '[] == sshd_macs_' - '[] == sshd_macs_'
- when: 'true == sshd_include_option' - when: 'true == sshd_include_option'
tags: sshd
block: block:
- name: '/etc/ssh/sshd_config.d' - name: '/etc/ssh/sshd_config.d'
tags: sshd
file: file:
state: directory state: directory
path: '/etc/ssh/sshd_config.d' path: '/etc/ssh/sshd_config.d'
@ -38,6 +42,7 @@
group: root group: root
mode: 0644 mode: 0644
- name: 'sshd_config.d/99-default.conf' - name: 'sshd_config.d/99-default.conf'
tags: sshd
template: template:
src: 'sshd-default.conf.j2' src: 'sshd-default.conf.j2'
dest: '/etc/ssh/sshd_config.d/99-default.conf' dest: '/etc/ssh/sshd_config.d/99-default.conf'
@ -50,9 +55,12 @@
regexp: '^\s*include\s+/etc/ssh/sshd_config.d/' regexp: '^\s*include\s+/etc/ssh/sshd_config.d/'
line: 'include /etc/ssh/sshd_config.d/*.conf' line: 'include /etc/ssh/sshd_config.d/*.conf'
firstmatch: true firstmatch: true
tags: sshd
- when: 'false == sshd_include_option' - when: 'false == sshd_include_option'
tags: sshd
block: block:
- name: sshd_config - name: sshd_config
tags: sshd
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
insertafter: '^\s*#\s*{{item.key}}\s+' insertafter: '^\s*#\s*{{item.key}}\s+'
@ -70,24 +78,28 @@
MACs: '{{sshd_macs_}}' MACs: '{{sshd_macs_}}'
KexAlgorithms: '{{sshd_kex_algorithms_}}' KexAlgorithms: '{{sshd_kex_algorithms_}}'
- name: sshd_config - name: sshd_config
tags: sshd
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
insertbefore: '\s*#?\s*HostKey\s+' insertbefore: '\s*#?\s*HostKey\s+'
regexp: '^# HostKeys for protocol' regexp: '^# HostKeys for protocol'
line: '# HostKeys for protocol' line: '# HostKeys for protocol'
- name: sshd_config - prefer ed25519 - name: sshd_config - prefer ed25519
tags: sshd
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
insertafter: '^# HostKeys for protocol' insertafter: '^# HostKeys for protocol'
regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$' regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
line: 'HostKey /etc/ssh/ssh_host_ed25519_key' line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
- name: sshd_config - fallback rsa - name: sshd_config - fallback rsa
tags: sshd
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$' insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$' regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$'
line: 'HostKey /etc/ssh/ssh_host_rsa_key' line: 'HostKey /etc/ssh/ssh_host_rsa_key'
- name: 'sshd_config - absent dsa / ecdsa' - name: 'sshd_config - absent dsa / ecdsa'
tags: sshd
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
state: absent state: absent
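Review bot: The task ending with the `'[] == sshd_kex_algorithms_'` and `'[] == sshd_macs_'` conditions starts above the `@ -29,8 +31,10 @` hunk and gets no `tags: sshd` in the visible lines. A run limited with `--tags sshd` would presumably skip it while still running the tagged tasks that write the Ciphers, MACs and KexAlgorithms values. If that task is the guard against empty algorithm lists, add `tags: sshd` to it as well, or tag the include/import of this task file once so every task inherits the tag. Separately, tags set on a `block:` are inherited by the tasks inside it, so the per-task `tags: sshd` lines within the two blocks are redundant. The one after `firstmatch: true` also sits at the end of its task while the others follow `name:`.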