iiab/roles/sshd/tasks/main.yml

- name: "Install ssh daemon using package: {{ sshd_package }}"
  package:
    name: "{{ sshd_package }}"
    state: present

- name: Disable password-based logins to root
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present
  #when: sshd_enabled | bool
#TODO: use handler to reload ssh

- name: mkdir /root/.ssh
  file:
    state: directory
    path: /root/.ssh
    owner: root
    group: root
    mode: '0700'
  #when: sshd_enabled | bool

- name: Install dummy root keys as placeholder
  copy:
    src: dummy_authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: '0600'
    force: no
  #when: sshd_enabled | bool


# RECORD sshd AS INSTALLED

- name: "Set 'sshd_installed: True'"
  set_fact:
    sshd_installed: True

- name: "Add 'sshd_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^sshd_installed'
    line: 'sshd_installed: True'


- name: Enable & Start ssh daemon ({{ sshd_service }}) if sshd_enabled
  systemd:
    name: "{{ sshd_service }}"
    daemon_reload: yes
    enabled: yes
    state: started
  when: sshd_enabled | bool

- name: Disable & Stop ssh daemon ({{ sshd_service }}) if not sshd_enabled
  systemd:
    name: "{{ sshd_service }}"
    enabled: no
    state: stopped
  when: not sshd_enabled
Update main.yml 2019-02-03 00:33:49 +00:00			`- name: "Install ssh daemon using package: {{ sshd_package }}"`
Update main.yml 2019-01-02 02:44:19 +00:00			`package:`
			`name: "{{ sshd_package }}"`
			`state: present`

Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`- name: Disable password-based logins to root`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: '^PermitRootLogin'`
			`line: 'PermitRootLogin without-password'`
			`state: present`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`#when: sshd_enabled \| bool`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`#TODO: use handler to reload ssh`

Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`- name: mkdir /root/.ssh`
Update main.yml 2018-09-20 00:55:28 +00:00			`file:`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`state: directory`
Update main.yml 2018-09-20 00:55:28 +00:00			`path: /root/.ssh`
			`owner: root`
			`group: root`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`mode: '0700'`
			`#when: sshd_enabled \| bool`
Update main.yml 2018-09-20 00:55:28 +00:00
			`- name: Install dummy root keys as placeholder`
			`copy:`
			`src: dummy_authorized_keys`
			`dest: /root/.ssh/authorized_keys`
			`owner: root`
			`group: root`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`mode: '0600'`
Update main.yml 2018-09-20 00:55:28 +00:00			`force: no`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`#when: sshd_enabled \| bool`


			`# RECORD sshd AS INSTALLED`

			`- name: "Set 'sshd_installed: True'"`
			`set_fact:`
			`sshd_installed: True`

			`- name: "Add 'sshd_installed: True' to {{ iiab_state_file }}"`
			`lineinfile:`
Convert dest: to path: per Ansible lineinfile norms 2020-02-04 00:54:04 +00:00			`path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`regexp: '^sshd_installed'`
			`line: 'sshd_installed: True'`

Update main.yml 2018-09-20 00:55:28 +00:00
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`- name: Enable & Start ssh daemon ({{ sshd_service }}) if sshd_enabled`
			`systemd:`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`name: "{{ sshd_service }}"`
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`daemon_reload: yes`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`enabled: yes`
			`state: started`
'when: X' -> 'when: X \| bool' for Ansibl 2.8 2019-05-24 22:33:10 +00:00			`when: sshd_enabled \| bool`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Mostly var cleanup across ~80 files 2020-01-30 09:00:00 +00:00			`- name: Disable & Stop ssh daemon ({{ sshd_service }}) if not sshd_enabled`
			`systemd:`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`name: "{{ sshd_service }}"`
			`enabled: no`
			`state: stopped`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`when: not sshd_enabled`