From a201bd83b71fc40b777cb561a5f47015e664b974 Mon Sep 17 00:00:00 2001
From: Oleg Vasilev
Date: Tue, 28 Dec 2021 00:02:10 +0300
Subject: [PATCH] Fix rights for sshd_config

---
 tasks/main.yml | 15 +++++++++------
 vars/linux.yml | 6 ++++++
 vars/openbsd.yml | 7 +++++++
 3 files changed, 22 insertions(+), 6 deletions(-)
 create mode 100644 vars/linux.yml
 create mode 100644 vars/openbsd.yml

diff --git a/tasks/main.yml b/tasks/main.yml
index b13f333..a071306 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,12 +1,15 @@
 ---

-- name: sshd | Setup sshd_config
+- name: unbound | Load system-specific vars
+ include_vars: "{{ ansible_system | lower }}.yml"
+
+- name: sshd | Deploy sshd_config
 template:
- src: "{{ sshd_config_template }}"
- dest: /etc/ssh/sshd_config
- mode: 0640
- owner: root
- group: root
+ src: "{{ sshd_config_template }}"
+ dest: /etc/ssh/sshd_config
+ mode: "{{ sshd_config_props.mode }}"
+ owner: "{{ sshd_config_props.owner }}"
+ group: "{{ sshd_config_props.group }}"
 validate: sshd -t -f %s
 notify: sshd | Apply config

diff --git a/vars/linux.yml b/vars/linux.yml
new file mode 100644
index 0000000..6c2cf18
--- /dev/null
+++ b/vars/linux.yml
@@ -0,0 +1,6 @@
+---
+
+sshd_config_props:
+ mode: 0640
+ owner: root
+ group: root
diff --git a/vars/openbsd.yml b/vars/openbsd.yml
new file mode 100644
index 0000000..1d78a8b
--- /dev/null
+++ b/vars/openbsd.yml
@@ -0,0 +1,7 @@
+---
+
+sshd_config_props:
+ mode: 0644
+ owner: root
+ group: wheel
+
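Review bot: The new first task in tasks/main.yml is named `unbound | Load system-specific vars`, although the other task and the handler reference visible in this hunk use the `sshd |` prefix; it looks copied from another role and would read better as `- name: sshd | Load system-specific vars`. The `include_vars` path is built from `ansible_system`, and this commit adds vars files only for Linux and OpenBSD, so on any other system the role presumably stops at this task. A short comment above the task naming the supported systems would make that behaviour explicit.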
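Review bot: `mode: 0640` in vars/linux.yml is an unquoted YAML scalar, so it is loaded as the integer 416 before tasks/main.yml passes it through `mode: "{{ sshd_config_props.mode }}"`. With Ansible's default (non-native) Jinja templating the template module is then likely to receive the string `416` and read it as octal 0416, which would leave /etc/ssh/sshd_config writable by other users instead of 0640. Quoting keeps the value a string end to end: `mode: "0640"` here and `mode: "0644"` in vars/openbsd.yml, where the same conversion applies. The resulting permissions are worth confirming on a test host after the change.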