fix(system/sshd): handle firewall
Signed-off-by: Matej Focko <me@mfocko.xyz>
parent
3e261ce668
commit
fc34091749
1 changed files with 16 additions and 0 deletions
|
@ -35,6 +35,22 @@
|
||||||
state: "present"
|
state: "present"
|
||||||
when: ansible_facts.selinux.status == 'enabled'
|
when: ansible_facts.selinux.status == 'enabled'
|
||||||
|
|
||||||
|
- name: Enable the new SSH port on firewall
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: "{{ system_sshd_port }}/tcp"
|
||||||
|
immediate: true
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
notify: "Restart SSH server"
|
||||||
|
tags: firewall
|
||||||
|
|
||||||
|
- name: Disable the default SSH port
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: ssh
|
||||||
|
permanent: true
|
||||||
|
state: disabled
|
||||||
|
tags: firewall
|
||||||
|
|
||||||
- name: Set trusted CA
|
- name: Set trusted CA
|
||||||
ansible.builtin.include_tasks: trusted_ca.yml
|
ansible.builtin.include_tasks: trusted_ca.yml
|
||||||
when: system_sshd_auth_trusted_ca
|
when: system_sshd_auth_trusted_ca
|
||||||
|
|
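Review bot: The "Disable the default SSH port" task sets `permanent: true` but, unlike the enable task above it, omits `immediate: true`, so the `ssh` service stays allowed in the running firewall until firewalld is reloaded or the host reboots. If the intent is to close the default port as part of this run, add `immediate: true` to that task, making sure the removal takes effect only once sshd is reachable on `system_sshd_port`. If the delay is deliberate, a comment such as `# runtime rule is left in place until the next firewalld reload` would make that clear. Both new tasks also run unconditionally, while the preceding SELinux task is guarded by a `when:`. On a host where firewalld is not installed or running they would presumably fail, so a similar guard may be worth adding.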