diff options
| -rw-r--r-- | ansible/roles/common/handlers/main.yml | 8 | ||||
| -rw-r--r-- | ansible/roles/common/tasks/main.yml | 21 |
2 files changed, 20 insertions, 9 deletions
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml index 02cc88e..68db0ad 100644 --- a/ansible/roles/common/handlers/main.yml +++ b/ansible/roles/common/handlers/main.yml @@ -1,9 +1,13 @@ -- name: Restart ssh +- name: Reload ssh service: name: ssh - state: restarted + state: reloaded + tags: + - role::common - name: Restart systemd-timesyncd service: name: systemd-timesyncd state: restarted + tags: + - role::common diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml index b9b9c52..926d9d6 100644 --- a/ansible/roles/common/tasks/main.yml +++ b/ansible/roles/common/tasks/main.yml @@ -14,14 +14,21 @@ tags: - role::common -- name: Disable SSH password authentication - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^PasswordAuthentication" - line: "PasswordAuthentication no" - state: present +- name: Configure SSH daemon options + ansible.builtin.copy: + content: | + # Ansible managed + + PasswordAuthentication no + PermitRootLogin no + ClientAliveInterval 300 + ClientAliveCountMax 3 + dest: /etc/ssh/sshd_config.d/pydis.conf + owner: root + group: root + mode: "0444" notify: - - Restart ssh + - Reload ssh tags: - role::common |