From 970a107492c31a43bb77f6f5e0096b41adc2c2f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Mon, 12 Dec 2022 22:51:55 +0100
Subject: refactor: split sshd and ssh key synchronization

---
 roles/sshd/templates/sshd_config.j2 | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'roles/sshd/templates/sshd_config.j2')

diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2
index f40e160..b8affa8 100644
--- a/roles/sshd/templates/sshd_config.j2
+++ b/roles/sshd/templates/sshd_config.j2
@@ -1,7 +1,7 @@
 # managed by Ansible
 
 # network
-Port {{ ansible_port }}
+Port {{ sshd_listen_port }}
 
 # security
 PermitRootLogin yes
@@ -13,13 +13,16 @@ AuthorizedKeysFile .ssh/authorized_keys
 PasswordAuthentication no
 PermitEmptyPasswords no
 ClientAliveInterval 180
+X11Forwarding {{ "yes" if sshd_enable_x11_forwarding else "no" }}
 
-{% if ansible_facts["os_family"] == "Debian" %}
+{% if ansible_distribution == "Debian" %}
 Subsystem sftp /usr/lib/openssh/sftp-server
 ChallengeResponseAuthentication no
 UsePAM yes
 PrintMotd no
 UsePrivilegeSeparation sandbox
+{% elif ansible_distribution == "Archlinux" %}
+Subsystem sftp /usr/lib/ssh/sftp-server
 {% else %}
 Subsystem sftp /usr/libexec/sftp-server
 {% endif %}
-- 
cgit v1.2.3