From 857897eb3911c02160e818b9fd093e15703523a2 Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Sun, 14 Jan 2024 21:49:26 +0100
Subject: [PATCH] sshd-default.conf.j2 fixed {%%}; prefix ssh_ -> sshd_

---
 defaults/main.yml | 18 +++++++++---------
 tasks/sshd_config.yml | 14 +++++++-------
 templates/sshd-default.conf.j2 | 16 ++++++++--------
 3 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 8e806fc..e8170bc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,9 +1,9 @@
-has_hwrng: '{{ansible_virtualization_role != "guest" and ansible_local.devices.hwrng }}'
-is_virt_guest: '{{ansible_virtualization_role == "guest"}}'
-is_container: '{{ansible_virtualization_role == "guest" and ansible_virtualization_type == "lxc"}}'
-sys_default_users: []
-ssh_permit_root_login: 'prohibit-password'
-ssh_ciphers: 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com'
-ssh_macs: 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'
-ssh_kex_algorithms: 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256'
-ssh_host_keys: [/etc/ssh/ssh_host_ed25519_key, /etc/ssh/ssh_host_rsa_key]
+has_hwrng: '{{ansible_virtualization_role != "guest" and ansible_local.devices.hwrng }}'
+is_virt_guest: '{{ansible_virtualization_role == "guest"}}'
+is_container: '{{ansible_virtualization_role == "guest" and ansible_virtualization_type == "lxc"}}'
+sys_default_users: []
+sshd_permit_root_login: 'prohibit-password'
+sshd_ciphers: 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com'
+sshd_macs: 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'
+sshd_kex_algorithms: 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256'
+sshd_host_keys: [/etc/ssh/ssh_host_ed25519_key, /etc/ssh/ssh_host_rsa_key]
diff --git a/tasks/sshd_config.yml b/tasks/sshd_config.yml
index 8383391..e7ed672 100644
--- a/tasks/sshd_config.yml
+++ b/tasks/sshd_config.yml
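Review bot: Renaming the role defaults from `ssh_*` to `sshd_*` in defaults/main.yml means that any inventory or group_vars still setting `ssh_permit_root_login`, `ssh_ciphers`, `ssh_macs` or `ssh_kex_algorithms` is silently ignored. The host then falls back to these defaults, which may be looser than what the operator had pinned, for example where root login had been set to `no`. The same applies to `sshd_port|default(22)` in tasks/sshd_config.yml, where a previously overridden port would revert to 22. For a transition period each default could read the old name first, e.g. `sshd_permit_root_login: '{{ ssh_permit_root_login | default("prohibit-password") }}'`, or the role could fail early when an old `ssh_*` variable is still defined.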
@@ -18,16 +18,16 @@
 regexp: '^\s*{{item.key}}\s'
 line: '{{item.key}} {{item.value}}'
 with_dict:
- Port: '{{ssh_port|default(22)}}'
- PermitRootLogin: '{{ssh_permit_root_login}}'
+ Port: '{{sshd_port|default(22)}}'
+ PermitRootLogin: '{{sshd_permit_root_login}}'
 StrictModes: 'yes'
 PubkeyAuthentication: 'yes'
- KerberosAuthentication: '{{ssh_kerberos_authentication|default(omit)}}'
- GSSAPIAuthentication: '{{ssh_gssapi_authentication|default(omit)}}'
+ KerberosAuthentication: '{{sshd_kerberos_authentication|default(omit)}}'
+ GSSAPIAuthentication: '{{sshd_gssapi_authentication|default(omit)}}'
 TCPKeepAlive: 'yes'
- Ciphers: '{{ssh_ciphers}}'
- MACs: '{{ssh_macs}}'
- KexAlgorithms: '{{ssh_kex_algorithms}}'
+ Ciphers: '{{sshd_ciphers}}'
+ MACs: '{{sshd_macs}}'
+ KexAlgorithms: '{{sshd_kex_algorithms}}'
 - name: sshd_config
 lineinfile:
 path: /etc/ssh/sshd_config
diff --git a/templates/sshd-default.conf.j2 b/templates/sshd-default.conf.j2
index 68f2241..159c0b1 100644
--- a/templates/sshd-default.conf.j2
+++ b/templates/sshd-default.conf.j2
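Review bot: `default(omit)` on the `KerberosAuthentication` and `GSSAPIAuthentication` entries does not skip the loop item, because `omit` only drops a module argument whose entire value is the placeholder. When either variable is unset, `line: '{{item.key}} {{item.value}}'` would most likely render the key followed by the omit placeholder string, and lineinfile would write that into sshd_config. The task header and any `when:` lie outside this hunk, so the case may already be filtered. If it is not, adding `when: item.value != omit` to the task keeps an invalid directive out of the file, which matters because a rejected config on the next sshd restart can lock operators out.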
@@ -1,11 +1,11 @@
-{{if ssh_port is defined }}Port {{ssh_port}}{{endif}}
-PermitRootLogin {{ssh_permit_root_login}}
+{%if sshd_port is defined %}Port {{sshd_port}}{%endif%}
+PermitRootLogin {{sshd_permit_root_login}}
 StrictModes yes
 PubkeyAuthentication yes
-{{if ssh_kerberos_authentication is defined}}KerberosAuthentication {{ssh_kerberos_authentication}}{{endif}}
-{{if ssh_gssapi_authentication is defined}}GSSAPIAuthentication {{ssh_gssapi_authentication}}{{endif}}
+{%if sshd_kerberos_authentication is defined%}KerberosAuthentication {{sshd_kerberos_authentication}}{%endif%}
+{%if sshd_gssapi_authentication is defined%}GSSAPIAuthentication {{sshd_gssapi_authentication}}{%endif%}
 TCPKeepAlive yes
-Ciphers {{ssh_ciphers}}
-MACs {{ssh_macs}}
-KexAlgorithms {{ssh_kex_algorithms}}
-HostKey {%for k in ssh_host_keys%}{{k}}{%endfor%}
+Ciphers {{sshd_ciphers}}
+MACs {{sshd_macs}}
+KexAlgorithms {{sshd_kex_algorithms}}
+HostKey {%for k in sshd_host_keys%}{{k}}{%endfor%}
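Review bot: The `HostKey` line still joins every entry of `sshd_host_keys` with no separator, so with the two default keys it renders one `HostKey` directive whose path is both file names run together. sshd expects one `HostKey` directive per key file. Emitting the directive inside the loop fixes it, written on three lines as `{%for k in sshd_host_keys%}`, `HostKey {{k}}`, `{%endfor%}`; Ansible's template module trims the newline after block tags by default, so no blank lines result. The task that deploys this template is not shown here; if it does not already do so, `validate: 'sshd -t -f %s'` on it would stop a broken render from replacing a working config.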