diff options
| -rw-r--r-- | roles/sshd/meta/main.yml | 21 | ||||
| -rw-r--r-- | roles/sshd/tasks/main.yml | 15 |
2 files changed, 34 insertions, 2 deletions
diff --git a/roles/sshd/meta/main.yml b/roles/sshd/meta/main.yml new file mode 100644 index 0000000..e0d60ee --- /dev/null +++ b/roles/sshd/meta/main.yml @@ -0,0 +1,21 @@ +--- + +argument_specs: + main: + short_description: sshd main entrypoint. + options: + + sshd_configuration_file: + type: path + required: true + description: Sshd configuration file + + sshd_listen_port: + type: int + required: true + description: Sshd listen port + + sshd_enable_x11_forwarding: + type: bool + required: true + description: Enable X11 forwarding diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index b895958..6a622d2 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -9,15 +9,26 @@ - name: generate sshd configuration ansible.builtin.template: src: sshd_config.j2 - dest: /etc/ssh/sshd_config + dest: "{{ sshd_configuration_file }}" owner: 0 group: 0 mode: "0644" + register: sshd_result_generate_configuration -- name: enable and restart sshd +- name: lint sshd configuration + ansible.builtin.command: "sshd -tf {{ sshd_configuration_file }}" + register: sshd_result_lint + changed_when: false + +- name: restart sshd # noqa: no-handler ansible.builtin.service: name: sshd state: restarted + when: sshd_result_generate_configuration.changed + +- name: enable sshd + ansible.builtin.service: + name: sshd enabled: true - name: check ssh connection |