Update variable names to match role name

2023-10-29 12:54:47 -04:00 · 2023-10-29 12:54:47 -04:00 · fc8fa90735
commit fc8fa90735
parent 800c0dbb29
4 changed files with 77 additions and 77 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -1,33 +1,33 @@
 ---

-sshd_config_path: /etc/ssh
+openssh_sshd_config_path: /etc/ssh

-ssh_port: 22
-ssh_address_family: any
-ssh_listen_addresses:
+openssh_port: 22
+openssh_address_family: any
+openssh_listen_addresses:
  - 0.0.0.0

-ssh_allow_groups: ssh
-ssh_login_grace_time: 20
-ssh_permit_root_login: 'no'
-ssh_strict_modes: 'yes'
-ssh_max_auth_tries: 3
-ssh_max_sessions: 2
+openssh_allow_groups: ssh
+openssh_login_grace_time: 20
+openssh_permit_root_login: 'no'
+openssh_strict_modes: 'yes'
+openssh_max_auth_tries: 3
+openssh_max_sessions: 2

-ssh_pubkey_authentication: 'yes'
+openssh_pubkey_authentication: 'yes'

-ssh_authorized_keys_file: .ssh/authorized_keys
+openssh_authorized_keys_file: .ssh/authorized_keys

-ssh_kexalgorithms:
-  # Mozilla Modern
+openssh_kexalgorithms:
+  # Compliant with Mozilla Modern
  - curve25519-sha256@libssh.org
  - ecdh-sha2-nistp521
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp256
  - diffie-hellman-group-exchange-sha256

-ssh_ciphers:
-  # Mozilla Modern
+openssh_ciphers:
+  # Compliant with Mozilla Modern
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
@ -35,8 +35,8 @@ ssh_ciphers:
  - aes192-ctr
  - aes128-ctr

-ssh_macs:
-  # Mozilla Modern
+openssh_macs:
+  # Compliant with Mozilla Modern
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - umac-128-etm@openssh.com
@ -44,27 +44,27 @@ ssh_macs:
  - hmac-sha2-256
  - umac-128@openssh.com

-ssh_hostbased_authentication: 'no'
-ssh_password_authentication: 'no'
-ssh_permit_empty_passwords: 'no'
-ssh_challenge_response_authentication: 'no'
-ssh_kerberos_authentication: 'no'
-ssh_gssapi_authentication: 'no'
-ssh_use_pam: 'yes'
+openssh_hostbased_authentication: 'no'
+openssh_password_authentication: 'no'
+openssh_permit_empty_passwords: 'no'
+openssh_challenge_response_authentication: 'no'
+openssh_kerberos_authentication: 'no'
+openssh_gssapi_authentication: 'no'
+openssh_use_pam: 'yes'

-ssh_allow_agent_forwarding: 'no'
-ssh_permit_tunnel: 'no'
+openssh_allow_agent_forwarding: 'no'
+openssh_permit_tunnel: 'no'

-ssh_x11_forwarding: 'no'
+openssh_x11_forwarding: 'no'

-ssh_print_motd: 'no'
+openssh_print_motd: 'no'

-ssh_permit_user_env: false
-ssh_accept_env:
+openssh_permit_user_env: false
+openssh_accept_env:
  - LANG
  - 'LC_*'

-ssh_banner: true
-ssh_banner_file: /etc/issue.net
+openssh_banner: true
+openssh_banner_file: /etc/issue.net

-ssh_loglevel: "VERBOSE"
+openssh_loglevel: "VERBOSE"
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -6,4 +6,4 @@
    state: present

 - name: Create sshd_config file
-  include_tasks: template_config.yaml
+  ansible.builtin.include_tasks: template_config.yaml
--- a/tasks/template_config.yaml
+++ b/tasks/template_config.yaml
@ -2,14 +2,14 @@

 - name: Ensure destination for sshd_config exists
  ansible.builtin.file:
-    path: "{{ sshd_config_path }}"
+    path: "{{ openssh_sshd_config_path }}"
    mode: '0644'
    state: directory

 - name: Write sshd_config file
  ansible.builtin.template:
    src: sshd_config.j2
-    dest: "{{ sshd_config_path }}/sshd_config"
+    dest: "{{ openssh_sshd_config_path }}/sshd_config"
    mode: '0644'
  become: true
  notify: Restart sshd
@ -17,6 +17,6 @@
 - name: Write banner file
  ansible.builtin.template:
    src: issue.net.j2
-    dest: "{{ ssh_banner_file }}"
+    dest: "{{ openssh_banner_file }}"
    mode: '0644'
  when: ssh_banner
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@ -1,72 +1,72 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}

-Port {{ ssh_port }}
-AddressFamily {{ ssh_address_family }}
-{% for a in ssh_listen_addresses %}
+Port {{ openssh_port }}
+AddressFamily {{ openssh_address_family }}
+{% for a in openssh_listen_addresses %}
 ListenAddress {{ a }}
 {% endfor %}

-{% if ssh_hostkey_file is defined %}
-HostKey {{ ssh_hostkey_file }}
+{% if openssh_hostkey_file is defined %}
+HostKey {{ openssh_hostkey_file }}
 {% else %}
-HostKey /etc/ssh/ssh_host_ed25519_key
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/openssh_host_ecdsa_key
+HostKey /etc/ssh/openssh_host_ed25519_key
+HostKey /etc/ssh/openssh_host_rsa_key
 {% endif %}

-{% if ssh_kexalgorithms is defined %}
-KexAlgorithms {% for alg in ssh_kexalgorithms %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
+{% if openssh_kexalgorithms is defined %}
+KexAlgorithms {% for alg in openssh_kexalgorithms %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
 {% endif %}

-{% if ssh_ciphers is defined %}
-Ciphers {% for alg in ssh_ciphers %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
+{% if openssh_ciphers is defined %}
+Ciphers {% for alg in openssh_ciphers %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
 {% endif %}

-{% if ssh_macs is defined %}
-MACs {% for alg in ssh_macs %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
+{% if openssh_macs is defined %}
+MACs {% for alg in openssh_macs %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
 {% endif %}


-AllowGroups {{ ssh_allow_groups }}
-LoginGraceTime {{ ssh_login_grace_time }}
-PermitRootLogin {{ ssh_permit_root_login }}
-StrictModes {{ ssh_strict_modes }}
-MaxAuthTries {{ ssh_max_auth_tries }}
-MaxSessions {{ ssh_max_sessions }}
+AllowGroups {{ openssh_allow_groups }}
+LoginGraceTime {{ openssh_login_grace_time }}
+PermitRootLogin {{ openssh_permit_root_login }}
+StrictModes {{ openssh_strict_modes }}
+MaxAuthTries {{ openssh_max_auth_tries }}
+MaxSessions {{ openssh_max_sessions }}

-PubkeyAuthentication {{ ssh_pubkey_authentication }}
-AuthorizedKeysFile {{ ssh_authorized_keys_file }}
+PubkeyAuthentication {{ openssh_pubkey_authentication }}
+AuthorizedKeysFile {{ openssh_authorized_keys_file }}

-HostbasedAuthentication {{ ssh_hostbased_authentication }}
+HostbasedAuthentication {{ openssh_hostbased_authentication }}

-PasswordAuthentication {{ ssh_password_authentication }}
-PermitEmptyPasswords {{ ssh_permit_empty_passwords }}
-ChallengeResponseAuthentication {{ ssh_challenge_response_authentication }}
-KerberosAuthentication {{ ssh_kerberos_authentication }}
-GSSAPIAuthentication {{ ssh_gssapi_authentication }}
-UsePAM {{ ssh_use_pam }}
+PasswordAuthentication {{ openssh_password_authentication }}
+PermitEmptyPasswords {{ openssh_permit_empty_passwords }}
+ChallengeResponseAuthentication {{ openssh_challenge_response_authentication }}
+KerberosAuthentication {{ openssh_kerberos_authentication }}
+GSSAPIAuthentication {{ openssh_gssapi_authentication }}
+UsePAM {{ openssh_use_pam }}

-AllowAgentForwarding {{ ssh_allow_agent_forwarding }}
-PermitTunnel {{ ssh_permit_tunnel }}
+AllowAgentForwarding {{ openssh_allow_agent_forwarding }}
+PermitTunnel {{ openssh_permit_tunnel }}

-X11Forwarding {{ ssh_x11_forwarding }}
-PrintMotd {{ ssh_print_motd }}
+X11Forwarding {{ openssh_x11_forwarding }}
+PrintMotd {{ openssh_print_motd }}

-{% if ssh_banner == true %}
-Banner {{ ssh_banner_file }}
+{% if openssh_banner == true %}
+Banner {{ openssh_banner_file }}
 {% endif %}

-{% if ssh_permit_user_env == true %}
+{% if openssh_permit_user_env == true %}
 PermitUserEnvironment yes

-{% for e in ssh_accept_env %}
+{% for e in openssh_accept_env %}
 AcceptEnv {{ e }}
 {% endfor %}
 {% else %}
 PermitUserEnvironment no
 {% endif %}

-LogLevel {{ ssh_loglevel }}
+LogLevel {{ openssh_loglevel }}

 {% if ansible_facts['os_family'] == 'RedHat' %}
 Subsystem sftp	/usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO