tag sshd added. ohmyzsh shows no diff.
This commit is contained in:
parent
70cf4caf0d
commit
3c9bc14f6b
2 changed files with 13 additions and 0 deletions
@ -1,5 +1,6 @@
- name: oh my zsh
- name: oh my zsh
tags: ohmyzsh
tags: ohmyzsh
diff: false
git:
git:
repo: https://github.com/ohmyzsh/ohmyzsh
repo: https://github.com/ohmyzsh/ohmyzsh
dest: /usr/share/oh-my-zsh
dest: /usr/share/oh-my-zsh
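Review bot: The new `diff: false` keyword on the `oh my zsh` task hides the git task's change report in `--diff` runs, and that task has no `version:` pin, so a run that moves `/usr/share/oh-my-zsh` to a newer upstream commit no longer shows up in the play output. Because this is third-party code installed system-wide, I would pin the checkout with `version: <PINNED_TAG_OR_COMMIT>` so each run is reproducible, and either keep the diff or leave a comment stating the trade-off, e.g. `# diff: false — hide git output; revision changes are presumably still in the task result under -v`. The file header is not shown on this page, so I cannot see whether other keys on this task already constrain the checkout.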
@ -2,10 +2,12 @@
# vim: set expandtab tabstop=2 shiftwidth=2:
# vim: set expandtab tabstop=2 shiftwidth=2:
|
|
- name: 'check sshd include option'
- name: 'check sshd include option'
tags: sshd
command: 'sshd -o "include /dev/null"'
command: 'sshd -o "include /dev/null"'
register: sshd_include_option_check
register: sshd_include_option_check
failed_when: 'sshd_include_option_check.rc not in [1,255] or sshd_include_option_check.stderr not in ["Include directive not supported as a command-line option", "command-line: line 0: Bad configuration option: include"]'
failed_when: 'sshd_include_option_check.rc not in [1,255] or sshd_include_option_check.stderr not in ["Include directive not supported as a command-line option", "command-line: line 0: Bad configuration option: include"]'
- name: Use only supported Ciphers, Kex Algorithms and Macs of the configured ones
- name: Use only supported Ciphers, Kex Algorithms and Macs of the configured ones
tags: sshd
set_fact:
set_fact:
sshd_ciphers_: '{{cd|join(",")}}'
sshd_ciphers_: '{{cd|join(",")}}'
sshd_kex_algorithms_: '{{kd|join(",")}}'
sshd_kex_algorithms_: '{{kd|join(",")}}'
@ -29,8 +31,10 @@
- '[] == sshd_kex_algorithms_'
- '[] == sshd_kex_algorithms_'
- '[] == sshd_macs_'
- '[] == sshd_macs_'
- when: 'true == sshd_include_option'
- when: 'true == sshd_include_option'
tags: sshd
block:
block:
- name: '/etc/ssh/sshd_config.d'
- name: '/etc/ssh/sshd_config.d'
tags: sshd
file:
file:
state: directory
state: directory
path: '/etc/ssh/sshd_config.d'
path: '/etc/ssh/sshd_config.d'
@ -38,6 +42,7 @@
group: root
group: root
mode: 0644
mode: 0644
- name: 'sshd_config.d/99-default.conf'
- name: 'sshd_config.d/99-default.conf'
tags: sshd
template:
template:
src: 'sshd-default.conf.j2'
src: 'sshd-default.conf.j2'
dest: '/etc/ssh/sshd_config.d/99-default.conf'
dest: '/etc/ssh/sshd_config.d/99-default.conf'
@ -50,9 +55,12 @@
regexp: '^\s*include\s+/etc/ssh/sshd_config.d/'
regexp: '^\s*include\s+/etc/ssh/sshd_config.d/'
line: 'include /etc/ssh/sshd_config.d/*.conf'
line: 'include /etc/ssh/sshd_config.d/*.conf'
firstmatch: true
firstmatch: true
tags: sshd
- when: 'false == sshd_include_option'
- when: 'false == sshd_include_option'
tags: sshd
block:
block:
- name: sshd_config
- name: sshd_config
tags: sshd
lineinfile:
lineinfile:
path: /etc/ssh/sshd_config
path: /etc/ssh/sshd_config
insertafter: '^\s*#\s*{{item.key}}\s+'
insertafter: '^\s*#\s*{{item.key}}\s+'
@ -70,24 +78,28 @@
MACs: '{{sshd_macs_}}'
MACs: '{{sshd_macs_}}'
KexAlgorithms: '{{sshd_kex_algorithms_}}'
KexAlgorithms: '{{sshd_kex_algorithms_}}'
- name: sshd_config
- name: sshd_config
tags: sshd
lineinfile:
lineinfile:
path: /etc/ssh/sshd_config
path: /etc/ssh/sshd_config
insertbefore: '\s*#?\s*HostKey\s+'
insertbefore: '\s*#?\s*HostKey\s+'
regexp: '^# HostKeys for protocol'
regexp: '^# HostKeys for protocol'
line: '# HostKeys for protocol'
line: '# HostKeys for protocol'
- name: sshd_config - prefer ed25519
- name: sshd_config - prefer ed25519
tags: sshd
lineinfile:
lineinfile:
path: /etc/ssh/sshd_config
path: /etc/ssh/sshd_config
insertafter: '^# HostKeys for protocol'
insertafter: '^# HostKeys for protocol'
regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
- name: sshd_config - fallback rsa
- name: sshd_config - fallback rsa
tags: sshd
lineinfile:
lineinfile:
path: /etc/ssh/sshd_config
path: /etc/ssh/sshd_config
insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$'
regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$'
line: 'HostKey /etc/ssh/ssh_host_rsa_key'
line: 'HostKey /etc/ssh/ssh_host_rsa_key'
- name: 'sshd_config - absent dsa / ecdsa'
- name: 'sshd_config - absent dsa / ecdsa'
tags: sshd
lineinfile:
lineinfile:
path: /etc/ssh/sshd_config
path: /etc/ssh/sshd_config
state: absent
state: absent
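Review bot: The `tags: sshd` lines added to the tasks nested inside the two `block:` stanzas (`/etc/ssh/sshd_config.d`, `sshd_config.d/99-default.conf`, and each `sshd_config` lineinfile task in the later hunks) are redundant, because the same tag is added on the enclosing `- when:` block entries and Ansible applies a block's tags to every task inside it. Keeping the tag only on the two blocks and on the top-level tasks (`check sshd include option`, `Use only supported Ciphers, Kex Algorithms and Macs of the configured ones`, and the `lineinfile` task tagged just before the second `- when:`) gives the same `--tags sshd` selection with fewer lines to keep in sync when tasks are added later. The rendered page has dropped indentation, so the nesting is inferred from the hunk structure and should be checked against the file; the file header and the remainder of each `when` block lie outside the visible hunks.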