fix(system/sshd): handle firewall

Signed-off-by: Matej Focko <me@mfocko.xyz>
Matej Focko 2024-07-10 15:16:47 +02:00
parent 3e261ce668
commit fc34091749
Signed by: mfocko
SSH key fingerprint: SHA256:5YXD7WbPuK60gxnG6DjAwJiS9+swoWj33/HFu8g8JVo


@ -35,6 +35,22 @@
state: "present" state: "present"
when: ansible_facts.selinux.status == 'enabled' when: ansible_facts.selinux.status == 'enabled'
- name: Enable the new SSH port on firewall
ansible.posix.firewalld:
port: "{{ system_sshd_port }}/tcp"
immediate: true
permanent: true
state: enabled
notify: "Restart SSH server"
tags: firewall
- name: Disable the default SSH port
ansible.posix.firewalld:
service: ssh
permanent: true
state: disabled
tags: firewall
- name: Set trusted CA - name: Set trusted CA
ansible.builtin.include_tasks: trusted_ca.yml ansible.builtin.include_tasks: trusted_ca.yml
when: system_sshd_auth_trusted_ca when: system_sshd_auth_trusted_ca