mfocko/dotfiles
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Wiki Activity

fix(system/sshd): handle firewall

Browse source 
Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
Matej Focko 2024-07-10 15:16:47 +02:00
parent 3e261ce668
commit fc34091749
Signed by: mfocko
SSH key fingerprint: SHA256:5YXD7WbPuK60gxnG6DjAwJiS9+swoWj33/HFu8g8JVo
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
roles/system/sshd/tasks/main.yml
View file

@ -35,6 +35,22 @@
state: "present" state: "present"
when: ansible_facts.selinux.status == 'enabled' when: ansible_facts.selinux.status == 'enabled'
- name: Enable the new SSH port on firewall
ansible.posix.firewalld:
port: "{{ system_sshd_port }}/tcp"
immediate: true
permanent: true
state: enabled
notify: "Restart SSH server"
tags: firewall
- name: Disable the default SSH port
ansible.posix.firewalld:
service: ssh
permanent: true
state: disabled
tags: firewall
- name: Set trusted CA - name: Set trusted CA
ansible.builtin.include_tasks: trusted_ca.yml ansible.builtin.include_tasks: trusted_ca.yml
when: system_sshd_auth_trusted_ca when: system_sshd_auth_trusted_ca