Diffstat (limited to 'ansible/roles/common')
| -rw-r--r-- | ansible/roles/common/handlers/main.yml | 8 | ||||
| -rw-r--r-- | ansible/roles/common/meta/main.yml | 3 | ||||
| -rw-r--r-- | ansible/roles/common/tasks/main.yml | 17 | 
3 files changed, 20 insertions, 8 deletions
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
index 68db0ad..2b4beea 100644
--- a/ansible/roles/common/handlers/main.yml
+++ b/ansible/roles/common/handlers/main.yml
@@ -1,10 +1,4 @@
-- name: Reload ssh
-  service:
-    name: ssh
-    state: reloaded
-  tags:
-    - role::common
-
+---
 - name: Restart systemd-timesyncd
   service:
     name: systemd-timesyncd
diff --git a/ansible/roles/common/meta/main.yml b/ansible/roles/common/meta/main.yml
new file mode 100644
index 0000000..5526b6b
--- /dev/null
+++ b/ansible/roles/common/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - ssh
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 4cfae85..8b5fd19 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -14,16 +14,31 @@
   tags:
     - role::common
+# Temporary cleanup task. Can be removed later.
+- name: Remove old SSH daemon options file
+  ansible.builtin.file:
+    path: /etc/ssh/sshd_config.d/pydis.conf
+    state: absent
+  tags:
+    - role::common
+
 - name: Configure SSH daemon options
   ansible.builtin.copy:
     content: |
       # Ansible managed
+      # Logins
       PasswordAuthentication no
       PermitRootLogin no
+
+      # Forwarding
+      AllowAgentForwarding no
+      X11Forwarding no
+
+      # Connection keepalive
       ClientAliveInterval 300
       ClientAliveCountMax 3
-    dest: /etc/ssh/sshd_config.d/pydis.conf
+    dest: /etc/ssh/sshd_config.d/hardening.conf
     owner: root
     group: root
     mode: "0444"  |
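Review bot: The drop-in written by `Configure SSH daemon options` in tasks/main.yml is named `hardening.conf`, and sshd keeps the first value it reads for each keyword while the `sshd_config.d/*.conf` include is read in lexical order. Any file that sorts earlier (a distribution or cloud-init drop-in with a numeric prefix, if these hosts have one) would therefore override `PasswordAuthentication no` and `PermitRootLogin no`. A name such as `dest: /etc/ssh/sshd_config.d/00-hardening.conf` would sort first, and the effective settings can be confirmed with `sshd -T`. The copy task also has no `validate:`; adding `validate: /usr/sbin/sshd -t -f %s` would stop a malformed file from being installed. The task continues past the end of the hunk, so whether it notifies a reload handler is not visible here; with `Reload ssh` removed from this role's handlers in the same commit, any such `notify` now depends on the `ssh` role added in meta/main.yml.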