commit
d8408b1f25
@ -0,0 +1,7 @@
|
||||
- name: Configure macOS
|
||||
hosts: all
|
||||
gather_facts: true
|
||||
strategy: mitogen_free
|
||||
become: true
|
||||
roles:
|
||||
- role: sshd
|
@ -0,0 +1,3 @@
|
||||
sshd_config_file: /etc/ssh/sshd_config
|
||||
|
||||
sshd_config__max_auth_tries: 50
|
@ -0,0 +1,31 @@
|
||||
- name: Create login banner
|
||||
copy:
|
||||
src: banner.txt
|
||||
dest: /etc/ssh/banner.txt
|
||||
mode: u=rw,go=r
|
||||
|
||||
- name: Configure sshd_config
|
||||
lineinfile:
|
||||
path: "{{ sshd_config_file }}"
|
||||
line: "{{ item.line }}"
|
||||
regexp: "{{ item.regexp }}"
|
||||
loop:
|
||||
- line: Banner /etc/ssh/banner.txt
|
||||
regexp: '^#? *Banner.*'
|
||||
- line: MaxAuthTries {{ sshd_config__max_auth_tries }}
|
||||
regexp: '^#? *MaxAuthTries.*'
|
||||
- line: PermitRootLogin yes
|
||||
regexp: '.*PermitRootLogin.*'
|
||||
loop_control:
|
||||
label: "{{ item.line }}"
|
||||
register: configure_sshd_result
|
||||
|
||||
- name: Restart sshd
|
||||
shell: |
|
||||
launchctl unload /System/Library/LaunchDaemons/ssh.plist
|
||||
wait 5
|
||||
launchctl load -w /System/Library/LaunchDaemons/ssh.plist
|
||||
changed_when: true
|
||||
when:
|
||||
- ansible_facts.distribution == "MacOSX"
|
||||
- configure_sshd_result is changed
|
Loading…
Reference in New Issue