From f5d6b7521a1accf78b95a84ac519265d8b361e77 Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Fri, 21 Feb 2025 14:14:01 +0100
Subject: [PATCH] sys_mailer_defaultdomain (default localdomain) and sshd_accept_env (default []) implemented.
---
 defaults/main.yml | 2 ++
 tasks/os-debian.yml | 2 +-
 templates/sshd-default.conf.j2 | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 8d714e5..20b19ba 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,12 +3,14 @@ has_hwrng: '{{ansible_virtualization_role != "guest" and ansible_lo
 is_virt_guest: '{{ansible_virtualization_role == "guest"}}'
 is_container: '{{ansible_virtualization_role == "guest" and ansible_virtualization_type == "lxc"}}'
 sys_default_users: []
+sys_mailer_defaultdomain: 'localdomain'
 sshd_permit_root_login: 'prohibit-password'
 sshd_ciphers: 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
 sshd_macs: 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'
 sshd_kex_algorithms: 'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
 sshd_kerberos_authentication: 'no'
 sshd_gssapi_authentication: 'no'
+sshd_accept_env: []
 sshd_host_keys:
 - '/etc/ssh/ssh_host_ed25519_key'
 sshd_pubkey_authentication: 'yes'
diff --git a/tasks/os-debian.yml b/tasks/os-debian.yml
index f45513d..9d5e350 100644
--- a/tasks/os-debian.yml
+++ b/tasks/os-debian.yml
@@ -231,7 +231,7 @@
 when: "mailer.changed"
 copy:
 dest: /etc/nullmailer/defaultdomain
- content: 'denkn.at'
+ content: '{{sys_mailer_defaultdomain}}'
 owner: root
 group: mail
 mode: 0640
diff --git a/templates/sshd-default.conf.j2 b/templates/sshd-default.conf.j2
index f71a336..9ac7a88 100644
--- a/templates/sshd-default.conf.j2
+++ b/templates/sshd-default.conf.j2
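Review bot: In tasks/os-debian.yml the defaultdomain task is still gated by `when: "mailer.changed"`, so now that its content comes from `sys_mailer_defaultdomain`, a later change of that variable is presumably never written to /etc/nullmailer/defaultdomain on hosts where the mailer is already set up. Removing the condition would let `copy` converge the file on every run, and it reports a change only when the content actually differs. The task's name and the step that registers `mailer` are outside the hunk, so the exact trigger is inferred from the visible `when:` line.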
@@ -12,6 +12,9 @@ TCPKeepAlive yes
 Ciphers {{sshd_ciphers_}}
 MACs {{sshd_macs_}}
 KexAlgorithms {{sshd_kex_algorithms_}}
+{%for k in sshd_accept_env%}
+AcceptEnv {{k}}
+{%endfor%}
 {%for k in sshd_host_keys%}
 HostKey {{k}}
 {%endfor%}
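Review bot: The new loop over `sshd_accept_env` has no type guard: if an inventory sets the variable to a string such as 'LANG LC_*' instead of a list, Jinja iterates it character by character and the rendered config gets one `AcceptEnv` line per character, including `AcceptEnv *`, which makes sshd accept every environment variable a client sends. Normalising the value in the loop header avoids that: `{%for k in ([sshd_accept_env] if sshd_accept_env is string else sshd_accept_env)%}`. A short comment next to the `sshd_accept_env: []` default in defaults/main.yml, stating that entries are sshd name patterns (wildcards allowed) and should stay a narrow allow-list, would document the intended use.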