44 lines
1.2 KiB
YAML
44 lines
1.2 KiB
YAML
---
|
|
- name: copy sshd config
|
|
template:
|
|
src: ssh_sshd_config.j2
|
|
dest: "{{ rootpath }}/etc/ssh/sshd_config"
|
|
owner: root
|
|
mode: 0644
|
|
register: ssh_config
|
|
|
|
- name: copy ssh config
|
|
template:
|
|
src: ssh_config.j2
|
|
dest: "{{ rootpath }}/etc/ssh/ssh_config"
|
|
owner: root
|
|
mode: 0644
|
|
|
|
- name: create ssh folder for user root
|
|
file:
|
|
path: "{{ rootpath }}/root/.ssh"
|
|
state: directory
|
|
owner: root
|
|
group: "{{ root_group }}"
|
|
mode: 0700
|
|
|
|
- name: write authorized_keys file for user root
|
|
template:
|
|
src: ssh_root_authorized_keys.j2
|
|
dest: "{{ rootpath }}/root/.ssh/authorized_keys"
|
|
owner: root
|
|
group: "{{ root_group }}"
|
|
mode: 0600
|
|
when: admin_ssh_keys | length
|
|
|
|
- name: create ssh host keys
|
|
shell: "prefix=\"{{ rootpath }}\"; ssh-keygen -N \"\" -t ed25519 -f \"${prefix}/etc/ssh/ssh_host_ed25519_key\"; ssh-keygen -N \"\" -b 4096 -t rsa -f \"${prefix}/etc/ssh/ssh_host_rsa_key\"; ssh-keygen -N \"\" -b 521 -t ecdsa -f \"${prefix}/etc/ssh/ssh_host_ecdsa_key\""
|
|
args:
|
|
creates: "{{ rootpath }}/etc/ssh/ssh_host_ed25519_key"
|
|
register: ssh_hostkeys
|
|
|
|
- name: maybe restart sshd
|
|
meta: noop
|
|
changed_when: ( (ssh_hostkeys is changed) or (ssh_config is changed) ) and not rootpath
|
|
notify:
|
|
- restart sshd
|