CI: Refactor sshd configuration into a role

Prep for applying it to macOS 13 GitHub runners.

refs #1186
pull/1184/head
Alex Willmer 3 weeks ago
parent 9e0dad2a1a
commit 8cfcb66cda

@ -23,10 +23,16 @@
gather_facts: true gather_facts: true
vars: vars:
distro: "{{ansible_distribution}}" distro: "{{ansible_distribution}}"
tasks:
- when: ansible_virtualization_type != "docker"
meta: end_play
pre_tasks:
- meta: end_play
when:
- ansible_facts.virtualization_type != "docker"
roles:
- role: sshd
tasks:
- name: Ensure requisite apt packages are installed - name: Ensure requisite apt packages are installed
apt: apt:
name: "{{ common_packages + packages }}" name: "{{ common_packages + packages }}"
@ -134,10 +140,6 @@
content: | content: |
i-am-mitogen-test-docker-image i-am-mitogen-test-docker-image
- copy:
dest: /etc/ssh/banner.txt
src: ../data/docker/ssh_login_banner.txt
- name: Ensure /etc/sudoers.d exists - name: Ensure /etc/sudoers.d exists
file: file:
state: directory state: directory
@ -169,17 +171,6 @@
line: "%wheel ALL=(ALL) ALL" line: "%wheel ALL=(ALL) ALL"
when: ansible_os_family == 'RedHat' when: ansible_os_family == 'RedHat'
- name: Enable SSH banner
lineinfile:
path: /etc/ssh/sshd_config
line: Banner /etc/ssh/banner.txt
- name: Allow remote SSH root login
lineinfile:
path: /etc/ssh/sshd_config
line: PermitRootLogin yes
regexp: '.*PermitRootLogin.*'
- name: Allow remote SSH root login - name: Allow remote SSH root login
lineinfile: lineinfile:
path: /etc/pam.d/sshd path: /etc/pam.d/sshd

@ -0,0 +1 @@
sshd_config_file: /etc/ssh/sshd_config

@ -0,0 +1,18 @@
- name: Create login banner
copy:
src: banner.txt
dest: /etc/ssh/banner.txt
mode: u=rw,go=r
- name: Configure sshd_config
lineinfile:
path: "{{ sshd_config_file }}"
line: "{{ item.line }}"
regexp: "{{ item.regexp }}"
loop:
- line: Banner /etc/ssh/banner.txt
regexp: '^#? *Banner.*'
- line: PermitRootLogin yes
regexp: '.*PermitRootLogin.*'
loop_control:
label: "{{ item.line }}"
Loading…
Cancel
Save