fix(system/sshd): handle firewall
Signed-off-by: Matej Focko <me@mfocko.xyz>
parent
3e261ce668
commit
fc34091749
1 changed files with 16 additions and 0 deletions
|
@ -35,6 +35,22 @@
|
|||
state: "present"
|
||||
when: ansible_facts.selinux.status == 'enabled'
|
||||
|
||||
- name: Enable the new SSH port on firewall
|
||||
ansible.posix.firewalld:
|
||||
port: "{{ system_sshd_port }}/tcp"
|
||||
immediate: true
|
||||
permanent: true
|
||||
state: enabled
|
||||
notify: "Restart SSH server"
|
||||
tags: firewall
|
||||
|
||||
- name: Disable the default SSH port
|
||||
ansible.posix.firewalld:
|
||||
service: ssh
|
||||
permanent: true
|
||||
state: disabled
|
||||
tags: firewall
|
||||
|
||||
- name: Set trusted CA
|
||||
ansible.builtin.include_tasks: trusted_ca.yml
|
||||
when: system_sshd_auth_trusted_ca
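Review bot: The "Disable the default SSH port" task sets only `permanent: true`, so the `ssh` service stays allowed in the running firewalld ruleset until the next reload or reboot, unlike the enable task above it, which also sets `immediate: true`. If deferring the removal is deliberate (to keep the current Ansible connection on the old port alive until the handler restarts sshd), a comment such as `# runtime rule left in place on purpose; removed on next firewalld reload` would make that clear; otherwise add `immediate: true`. Neither task sets `zone`, so both act on the default zone only, and an interface bound to another zone would keep its existing `ssh` rule, which is worth confirming against the hosts' zone layout. Both tasks also run unconditionally, so hosts without a running firewalld would presumably fail here unless the play is run with the `firewall` tag skipped.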
|
||||
|
|