Fix rights for sshd_config

2021-12-28 00:02:10 +03:00 · 2021-12-28 00:02:10 +03:00 · a201bd83b7
parent 78d0ad0abf
commit a201bd83b7
3 changed files with 22 additions and 6 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,12 +1,15 @@
 ---

- name: sshd | Setup sshd_config
+- name: unbound | Load system-specific vars
+  include_vars: "{{ ansible_system | lower }}.yml"
+
+- name: sshd | Deploy sshd_config
  template:
-    src: "{{ sshd_config_template }}"
-    dest: /etc/ssh/sshd_config
-    mode: 0640
-    owner: root
-    group: root
+    src:   "{{ sshd_config_template }}"
+    dest:  /etc/ssh/sshd_config
+    mode:  "{{ sshd_config_props.mode }}"
+    owner: "{{ sshd_config_props.owner }}"
+    group: "{{ sshd_config_props.group }}"
    validate: sshd -t -f %s
  notify: sshd | Apply config

--- a/vars/linux.yml
+++ b/vars/linux.yml
@ -0,0 +1,6 @@
+---
+
+sshd_config_props:
+  mode: 0640
+  owner: root
+  group: root
--- a/vars/openbsd.yml
+++ b/vars/openbsd.yml
@ -0,0 +1,7 @@
+---
+
+sshd_config_props:
+  mode: 0644
+  owner: root
+  group: wheel
+