---
# Pull in the package installation tasks from install.yml.
# NOTE(review): include_tasks is dynamic, so the `install` tag applies to
# the include statement itself; tasks inside install.yml need their own tags
# (or `apply`) to run under `--tags install` - confirm against install.yml.
- name: Packages
  tags: install
  ansible.builtin.include_tasks: install.yml
# On Ubuntu hosts, record `ssh` as the OpenSSH server unit name. The fact is
# read by the "Enable SSH server" task below.
- name: Set sshd systemd unit for Ubuntu
  when: ansible_distribution == "Ubuntu"
  ansible.builtin.set_fact:
    system_sshd_unit: ssh
# On every distribution other than Ubuntu, record `sshd` as the OpenSSH
# server unit name ("co-Ubuntu" in the task name presumably means
# non-Ubuntu).
# NOTE(review): Debian also ships the unit as `ssh`, with `sshd` only as an
# alias; if Debian hosts are in scope, confirm that enabling `sshd` works
# there.
- name: Set sshd systemd unit for co-Ubuntu
  when: ansible_distribution != "Ubuntu"
  ansible.builtin.set_fact:
    system_sshd_unit: sshd
# Enable the SSH server unit chosen by the two set_fact tasks above.
# No `state` is given, so this task only sets enablement and leaves the
# running state of the service unchanged.
- name: Enable SSH server
  ansible.builtin.service:
    enabled: true
    name: "{{ system_sshd_unit }}"
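# Render the hardening drop-in into sshd_config.d, root-owned and readable
# by root only, then notify the "Restart SSH server" handler (defined
# outside this file).
# NOTE(review): the drop-in is only read if the main sshd_config includes
# /etc/ssh/sshd_config.d/*.conf - confirm on the target distributions. sshd
# uses the first value it sees for most keywords, so the `10-` prefix has to
# sort before any other drop-in that sets the same options.
# NOTE(review): no `validate:` is set, so a syntax error in the rendered
# file is only discovered when the handler restarts sshd, which can cut off
# remote access.
- name: Harden the SSH config
  ansible.builtin.template:
    src: templates/10-harden.conf
    dest: /etc/ssh/sshd_config.d/10-harden.conf
    # Quoted so the mode reaches the module as the string "0600" instead of
    # depending on the YAML parser's handling of a leading-zero integer.
    mode: "0600"
    owner: root
    group: root
  notify: "Restart SSH server"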
# Include the trusted-CA tasks from trusted_ca.yml only when
# system_sshd_auth_trusted_ca evaluates as true.
# NOTE(review): the variable is not defined in this file (presumably role
# defaults); confirm it is always defined and boolean-like, because an
# undefined variable makes this conditional fail.
- name: Set trusted CA
  when: system_sshd_auth_trusted_ca
  ansible.builtin.include_tasks: trusted_ca.yml