mfocko/dotfiles
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Wiki Activity

fix(system/sshd): notify SELinux about the port change

Browse source 
Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
Matej Focko 2024-07-10 15:00:56 +02:00
parent 2c9fc903f4
commit 3e261ce668
Signed by: mfocko
SSH key fingerprint: SHA256:5YXD7WbPuK60gxnG6DjAwJiS9+swoWj33/HFu8g8JVo
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
roles/system/sshd/tasks/main.yml
View file

@ -27,6 +27,14 @@
group: root group: root
notify: "Restart SSH server" notify: "Restart SSH server"
- name: Notify SELinux about new port
community.general.seport:
ports: "{{ system_sshd_port }}"
proto: "tcp"
setype: "ssh_port_t"
state: "present"
when: ansible_facts.selinux.status == 'enabled'
- name: Set trusted CA - name: Set trusted CA
ansible.builtin.include_tasks: trusted_ca.yml ansible.builtin.include_tasks: trusted_ca.yml
when: system_sshd_auth_trusted_ca when: system_sshd_auth_trusted_ca