ansible-infra/playbooks/roles/deploy_ssh_server_config/tasks/main.yaml

# Role and config created after: https://infosec.mozilla.org/guidelines/openssh
- name: deploy SSH server config
  become: true

  block:
    - name: deploy `sshd_config`
      ansible.builtin.template:
        force: true
        dest: /etc/ssh/sshd_config
        mode: "0644"
        owner: root
        group: root
        src: sshd_config.j2
      register: deploy_ssh_server_config__ssh_config_copy_result

    - name: deactivate short moduli
      ansible.builtin.shell:
        cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli

    # Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
    - name: reboot, if ssh server config got changed
      ansible.builtin.reboot:
      when: deploy_ssh_server_config__ssh_config_copy_result.changed
Add role for deploying SSH config and also add mailserver-endpoint host 2023-06-06 23:37:42 +02:00			`# Role and config created after: https://infosec.mozilla.org/guidelines/openssh`
			`- name: deploy SSH server config`
			`become: true`

			`block:`
fix all ansible-lint yaml errors (except for line-length) 2024-11-23 02:49:23 +01:00			- name: deploy `sshd_config`
			`ansible.builtin.template:`
			`force: true`
			`dest: /etc/ssh/sshd_config`
			`mode: "0644"`
			`owner: root`
			`group: root`
			`src: sshd_config.j2`
			`register: deploy_ssh_server_config__ssh_config_copy_result`
Add role for deploying SSH config and also add mailserver-endpoint host 2023-06-06 23:37:42 +02:00
fix all ansible-lint yaml errors (except for line-length) 2024-11-23 02:49:23 +01:00			`- name: deactivate short moduli`
			`ansible.builtin.shell:`
			`cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli`
Add role for deploying SSH config and also add mailserver-endpoint host 2023-06-06 23:37:42 +02:00
fix all ansible-lint yaml errors (except for line-length) 2024-11-23 02:49:23 +01:00			`# Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.`
			`- name: reboot, if ssh server config got changed`
			`ansible.builtin.reboot:`
			`when: deploy_ssh_server_config__ssh_config_copy_result.changed`