|
1 | 1 | --- |
2 | | -- name: Find all files in /etc/ssh/sshd_config.d/ |
3 | | - ansible.builtin.find: |
4 | | - paths: /etc/ssh/sshd_config.d/ |
5 | | - file_type: file |
6 | | - register: sshd_config_d_files |
7 | | - |
8 | | -- name: Remove all files in /etc/ssh/sshd_config.d/ |
9 | | - ansible.builtin.file: |
10 | | - path: "{{ item.path }}" |
11 | | - state: absent |
12 | | - loop: "{{ sshd_config_d_files.files }}" |
13 | | - loop_control: |
14 | | - label: "{{ item.path }}" |
15 | | - when: sshd_config_d_files.matched > 0 |
16 | | - |
17 | | -- name: Copy custom sshd_config.conf to /etc/ssh/sshd_config.d/ |
18 | | - ansible.builtin.copy: |
19 | | - src: "sshd_config.conf" |
20 | | - dest: /etc/ssh/sshd_config.d/ |
21 | | - owner: root |
22 | | - group: root |
23 | | - mode: '0644' |
24 | | - |
25 | | - |
26 | | -- name: Find all files in /etc/ssh/ssh_config.d/ |
27 | | - ansible.builtin.find: |
28 | | - paths: /etc/ssh/ssh_config.d/ |
29 | | - file_type: file |
30 | | - register: ssh_config_d_files |
31 | | - |
32 | | -- name: Remove all files in /etc/ssh/ssh_config.d/ |
33 | | - ansible.builtin.file: |
34 | | - path: "{{ item.path }}" |
35 | | - state: absent |
36 | | - loop: "{{ ssh_config_d_files.files }}" |
37 | | - loop_control: |
38 | | - label: "{{ item.path }}" |
39 | | - when: ssh_config_d_files.matched > 0 |
40 | | - |
41 | | -- name: Copy ssh_config to /etc/ssh/ssh_config.d/ |
42 | | - ansible.builtin.copy: |
43 | | - src: "ssh_config.conf" |
44 | | - dest: /etc/ssh/ssh_config.d/ |
45 | | - owner: root |
46 | | - group: root |
47 | | - mode: '0644' |
| 2 | +- name: Manage SSH configurations |
| 3 | + block: |
| 4 | + - name: Ensure /etc/ssh/sshd_config.d exists |
| 5 | + ansible.builtin.file: |
| 6 | + path: /etc/ssh/sshd_config.d |
| 7 | + state: directory |
| 8 | + owner: root |
| 9 | + group: root |
| 10 | + mode: '0755' |
| 11 | + |
| 12 | + - name: Remove unmanaged files from /etc/ssh/sshd_config.d |
| 13 | + ansible.builtin.find: |
| 14 | + paths: /etc/ssh/sshd_config.d/ |
| 15 | + file_type: file |
| 16 | + patterns: '*' |
| 17 | + register: sshd_config_d_files |
| 18 | + |
| 19 | + - name: Remove unmanaged sshd files |
| 20 | + ansible.builtin.file: |
| 21 | + path: "{{ item.path }}" |
| 22 | + state: absent |
| 23 | + loop: "{{ sshd_config_d_files.files }}" |
| 24 | + when: item.path | basename != 'sshd_config.conf' |
| 25 | + loop_control: |
| 26 | + label: "{{ item.path }}" |
| 27 | + notify: reload sshd |
| 28 | + |
| 29 | + - name: Copy managed sshd_config.conf |
| 30 | + ansible.builtin.copy: |
| 31 | + src: sshd_config.conf |
| 32 | + dest: /etc/ssh/sshd_config.d/sshd_config.conf |
| 33 | + owner: root |
| 34 | + group: root |
| 35 | + mode: '0644' |
| 36 | + notify: reload sshd |
| 37 | + |
| 38 | + |
| 39 | + - name: Ensure /etc/ssh/ssh_config.d exists |
| 40 | + ansible.builtin.file: |
| 41 | + path: /etc/ssh/ssh_config.d |
| 42 | + state: directory |
| 43 | + owner: root |
| 44 | + group: root |
| 45 | + mode: '0755' |
| 46 | + |
| 47 | + - name: Remove unmanaged files from /etc/ssh/ssh_config.d |
| 48 | + ansible.builtin.find: |
| 49 | + paths: /etc/ssh/ssh_config.d/ |
| 50 | + file_type: file |
| 51 | + patterns: '*' |
| 52 | + register: ssh_config_d_files |
| 53 | + |
| 54 | + - name: Remove unmanaged ssh files |
| 55 | + ansible.builtin.file: |
| 56 | + path: "{{ item.path }}" |
| 57 | + state: absent |
| 58 | + loop: "{{ ssh_config_d_files.files }}" |
| 59 | + when: item.path | basename != 'ssh_config.conf' |
| 60 | + loop_control: |
| 61 | + label: "{{ item.path }}" |
| 62 | + notify: reload sshd |
| 63 | + |
| 64 | + - name: Copy managed ssh_config.conf |
| 65 | + ansible.builtin.copy: |
| 66 | + src: ssh_config.conf |
| 67 | + dest: /etc/ssh/ssh_config.d/ssh_config.conf |
| 68 | + owner: root |
| 69 | + group: root |
| 70 | + mode: '0644' |
| 71 | + notify: reload sshd |
| 72 | + tags: ['ssh-configs'] |
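Review bot: The `Copy managed sshd_config.conf` task (new lines 29-36) installs the drop-in and notifies `reload sshd` with no syntax check, so a typo in the source file reaches the live daemon and may leave it unable to reload or restart, which on a remote host can mean losing SSH access. Adding `validate: /usr/sbin/sshd -t -f %s` to that copy task would reject a broken fragment before it replaces the current one; the binary path is an assumption about the target distribution, and this checks the fragment on its own rather than the merged configuration. Separately, the two `ssh_config.d` tasks (new lines 54-71) also carry `notify: reload sshd`, but those files are read by the ssh client, so the notify can be dropped there. The `reload sshd` handler is defined outside this file, so whether it runs its own `sshd -t` check cannot be confirmed from this page.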