refactor: split sshd and ssh key synchronization

author: Romain Gonçalves <me@rgoncalves.se> 2022-12-12 22:51:55 +0100
committer: Romain Gonçalves <me@rgoncalves.se> 2022-12-17 17:02:24 +0100
commit: 970a107492c31a43bb77f6f5e0096b41adc2c2f4 (patch)
tree: 614ee1b08379eb5838aaf004e58f31880127bc9d /roles/sshd/templates
parent: db698b595e7ff088c96d00ef5285a0d634aff1be (diff)
download: rules-970a107492c31a43bb77f6f5e0096b41adc2c2f4.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2
index f40e160..b8affa8 100644
--- a/roles/sshd/templates/sshd_config.j2
+++ b/roles/sshd/templates/sshd_config.j2
@@ -1,7 +1,7 @@
 # managed by Ansible
 
 # network
-Port {{ ansible_port }}
+Port {{ sshd_listen_port }}
 
 # security
 PermitRootLogin yes
@@ -13,13 +13,16 @@ AuthorizedKeysFile .ssh/authorized_keys
 PasswordAuthentication no
 PermitEmptyPasswords no
 ClientAliveInterval 180
+X11Forwarding {{ "yes" if sshd_enable_x11_forwarding else "no" }}
 
-{% if ansible_facts["os_family"] == "Debian" %}
+{% if ansible_distribution == "Debian" %}
 Subsystem sftp /usr/lib/openssh/sftp-server
 ChallengeResponseAuthentication no
 UsePAM yes
 PrintMotd no
 UsePrivilegeSeparation sandbox
+{% elif ansible_distribution == "Archlinux" %}
+Subsystem sftp /usr/lib/ssh/sftp-server
 {% else %}
 Subsystem sftp /usr/libexec/sftp-server
 {% endif %}
author	Romain Gonçalves <me@rgoncalves.se>	2022-12-12 22:51:55 +0100
committer	Romain Gonçalves <me@rgoncalves.se>	2022-12-17 17:02:24 +0100
commit	970a107492c31a43bb77f6f5e0096b41adc2c2f4 (patch)
tree	614ee1b08379eb5838aaf004e58f31880127bc9d /roles/sshd/templates
parent	db698b595e7ff088c96d00ef5285a0d634aff1be (diff)
download	rules-970a107492c31a43bb77f6f5e0096b41adc2c2f4.tar.gz