Mirrors/ansible-collection-famedly-base
2
0
Fork 0
mirror of https://github.com/famedly/ansible-collection-base synced 2024-11-10 06:24:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix(ssh): make role more idempotent

Browse source
This commit is contained in:
Lars Kaiser 2024-07-04 19:03:32 +02:00
parent 1987ae6993
commit 77c11d4ab1
No known key found for this signature in database
GPG key ID: BB97304A16BC5DCF
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
roles/ssh/tasks/main.yml
View file

@ -133,7 +133,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
<<: *sshd_config_args <<: *sshd_config_args
regexp: "^#?KexAlgorithms" regexp: "^#?KexAlgorithms"
line: "KexAlgorithms {{ ssh_preset.allowed_kexalgos | intersect(queried_kex_algorithms.stdout_lines) | join(',') }}" line: "KexAlgorithms {{ ssh_preset.allowed_kexalgos | intersect(queried_kex_algorithms.stdout_lines) | sort(reverse=true) | join(',') }}"
insertafter: *cipher_after insertafter: *cipher_after
when: "ssh_preset.allowed_kexalgos is defined" when: "ssh_preset.allowed_kexalgos is defined"
notify: "reload sshd" notify: "reload sshd"
@ -155,7 +155,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
<<: *sshd_config_args <<: *sshd_config_args
regexp: "^#?Ciphers" regexp: "^#?Ciphers"
line: "Ciphers {{ ssh_preset.allowed_ciphers | intersect(queried_ciphers.stdout_lines) | join(',') }}" line: "Ciphers {{ ssh_preset.allowed_ciphers | intersect(queried_ciphers.stdout_lines) | sort(reverse=true) | join(',') }}"
insertafter: *cipher_after insertafter: *cipher_after
when: "ssh_preset.allowed_ciphers is defined" when: "ssh_preset.allowed_ciphers is defined"
notify: "reload sshd" notify: "reload sshd"
@ -177,7 +177,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
<<: *sshd_config_args <<: *sshd_config_args
regexp: "^#?MACs" regexp: "^#?MACs"
line: "MACs {{ ssh_preset.allowed_macs | intersect(queried_macs.stdout_lines) | join(',') }}" line: "MACs {{ ssh_preset.allowed_macs | intersect(queried_macs.stdout_lines) | sort(reverse=true) | join(',') }}"
insertafter: *cipher_after insertafter: *cipher_after
when: "ssh_preset.allowed_macs is defined" when: "ssh_preset.allowed_macs is defined"
notify: "reload sshd" notify: "reload sshd"
@ -199,7 +199,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
<<: *sshd_config_args <<: *sshd_config_args
regexp: "^#?HostKeyAlgorithms" regexp: "^#?HostKeyAlgorithms"
line: "HostKeyAlgorithms {{ ssh_preset.allowed_hostkey_algos | intersect(queried_hostkey_algos.stdout_lines) | join(',') }}" line: "HostKeyAlgorithms {{ ssh_preset.allowed_hostkey_algos | intersect(queried_hostkey_algos.stdout_lines) | sort(reverse=true) | join(',') }}"
insertafter: *cipher_after insertafter: *cipher_after
when: "ssh_preset.allowed_hostkey_algos is defined" when: "ssh_preset.allowed_hostkey_algos is defined"
notify: "reload sshd" notify: "reload sshd"
@ -221,7 +221,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
<<: *sshd_config_args <<: *sshd_config_args
regexp: "^#?PubkeyAcceptedKeyTypes" regexp: "^#?PubkeyAcceptedKeyTypes"
line: "PubkeyAcceptedKeyTypes {{ ssh_preset.allowed_pubkey_algos | intersect(queried_pubkey_algos.stdout_lines) | join(',') }}" line: "PubkeyAcceptedKeyTypes {{ ssh_preset.allowed_pubkey_algos | intersect(queried_pubkey_algos.stdout_lines) | sort(reverse=true) | join(',') }}"
insertafter: *cipher_after insertafter: *cipher_after
when: "ssh_preset.allowed_pubkey_algos is defined" when: "ssh_preset.allowed_pubkey_algos is defined"
notify: "reload sshd" notify: "reload sshd"