Alan Orth
57120308dc
Ansible 2.4 and 2.5 are moving away from specialized loop functions and the old syntax will eventually be deprecated and removed. I did not change the with_fileglob loops because I'm not sure about their syntax yet. See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
26 lines
947 B
YAML
26 lines
947 B
YAML
---
|
|
|
|
# SSH configs don't change in Debian minor versions
|
|
- name: Reconfigure /etc/ssh/sshd_config
|
|
template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
|
|
when: ansible_distribution == 'Debian'
|
|
notify: reload sshd
|
|
|
|
# Ubuntu is the only distro we have where SSH version is very different from 14.04 -> 14.10,
|
|
# ie with new ciphers supported etc.
|
|
- name: Reconfigure /etc/ssh/sshd_config
|
|
template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
|
|
when: ansible_distribution == 'Ubuntu'
|
|
notify: reload sshd
|
|
|
|
- name: Remove DSA and ECDSA host keys
|
|
file: name=/etc/ssh/{{ item }} state=absent
|
|
loop:
|
|
- ssh_host_dsa_key
|
|
- ssh_host_dsa_key.pub
|
|
- ssh_host_ecdsa_key
|
|
- ssh_host_ecdsa_key.pub
|
|
notify: reload sshd
|
|
|
|
# vim: set sw=2 ts=2:
|