32 lines
766 B
YAML
32 lines
766 B
YAML
---
|
|
- name: Packages
|
|
ansible.builtin.include_tasks: install.yml
|
|
tags: install
|
|
|
|
- name: Set sshd systemd unit for Ubuntu
|
|
ansible.builtin.set_fact:
|
|
sshd_unit: ssh
|
|
when: ansible_distribution == "Ubuntu"
|
|
|
|
- name: Set sshd systemd unit for co-Ubuntu
|
|
ansible.builtin.set_fact:
|
|
sshd_unit: sshd
|
|
when: ansible_distribution != "Ubuntu"
|
|
|
|
- name: Enable SSH server
|
|
ansible.builtin.service:
|
|
name: "{{ sshd_unit }}"
|
|
enabled: true
|
|
|
|
- name: Harden the SSH config
|
|
ansible.builtin.template:
|
|
src: templates/10-harden.conf
|
|
dest: /etc/ssh/sshd_config.d/10-harden.conf
|
|
mode: 0600
|
|
owner: root
|
|
group: root
|
|
notify: "Restart SSH server"
|
|
|
|
- name: Set trusted CA
|
|
ansible.builtin.include_tasks: trusted_ca.yml
|
|
when: sshd.auth.trusted_ca
|