From 3e261ce668b4c166ac761ab7e314a73cde085dbb Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 10 Jul 2024 15:00:56 +0200
Subject: [PATCH] fix(system/sshd): notify SELinux about the port change

Signed-off-by: Matej Focko
---
 roles/system/sshd/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/system/sshd/tasks/main.yml b/roles/system/sshd/tasks/main.yml
index 5664f76..d7876a6 100644
--- a/roles/system/sshd/tasks/main.yml
+++ b/roles/system/sshd/tasks/main.yml
@@ -27,6 +27,14 @@
 group: root
 notify: "Restart SSH server"
 
+- name: Notify SELinux about new port
+ community.general.seport:
+ ports: "{{ system_sshd_port }}"
+ proto: "tcp"
+ setype: "ssh_port_t"
+ state: "present"
+ when: ansible_facts.selinux.status == 'enabled'
+
 - name: Set trusted CA
 ansible.builtin.include_tasks: trusted_ca.yml
 when: system_sshd_auth_trusted_ca
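Review bot: The new `community.general.seport` task is placed after the task that ends in `notify: "Restart SSH server"`; that task starts outside the hunk and is presumably the one that writes the sshd configuration. If the seport task fails (for example because the SELinux management Python bindings the module relies on are absent on the target), the host keeps the new port in its config without an `ssh_port_t` label for it, and a later restart or reboot could leave sshd unable to bind. Moving this task ahead of the config-writing task would make that failure happen before anything on the host changes. The condition `ansible_facts.selinux.status == 'enabled'` also skips quietly for any other value of the fact, which I believe includes a "missing library" string when the libselinux bindings are not installed, so it is worth confirming that case cannot occur on the managed hosts. A short comment above the task, such as `# sshd cannot bind to a non-default port under SELinux unless the port is labelled ssh_port_t`, would record why the task exists.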