computer-playbook/roles/sys-svc-sshd
Kevin Veen-Birkenbach 94f97ed1f3 Refactor: Migrate deprecated Ansible facts to ansible_facts[] syntax
Why:
- Ansible 2.20+ deprecates INJECT_FACTS_AS_VARS and direct usage of top-level ansible_* facts.
- This change updates all affected roles and vars files to the new supported syntax.
- Ensures compatibility with upcoming Ansible 2.24 removal of implicit fact injection.

Conversation reference:
https://chatgpt.com/share/692f639b-1380-800f-9f18-732f7108e9e2
2025-12-02 23:09:46 +01:00

sshd

Description

This Ansible role configures the OpenSSH daemon (sshd) by deploying a templated sshd_config file. It applies secure, best-practice settings—such as disabling root login, enforcing public-key authentication, and setting appropriate logging levels—to harden remote access and reduce the risk of misconfiguration or lockout.

Overview

  • Renders sshd_config.j2 into /etc/ssh/sshd_config with customizable options
  • Sets file ownership (root:root) and permissions (0644)
  • Reloads systemd and restarts the SSH service through a handler when the rendered file changes
  • Sets a run_once_sys_svc_sshd fact so the role is not executed a second time if it is included more than once in the same play

Features

  • Templated Configuration
    Delivers a Jinja2-based sshd_config with variables for debug logging and PAM support.

  • Security Defaults

    • Disables password authentication (PasswordAuthentication no) and root login (PermitRootLogin no)
    • Enforces public-key authentication (PubkeyAuthentication yes)
    • Sets LogLevel to DEBUG3 when MODE_DEBUG is true. Keep this off outside of troubleshooting: DEBUG-level logging is very verbose and, as sshd_config(5) notes, violates the privacy of users, so it is not recommended in production.

  • Systemd Integration
    Reloads systemd and restarts the SSH service through a handler whenever the configuration changes. Restarting sshd does not terminate sessions that are already established, but a broken configuration will refuse new logins, so check the rendered file (for example with sshd -t) before the restart runs.

  • Idempotency
    Sets the run_once_sys_svc_sshd fact after the first execution so the tasks are skipped when the role is included again in the same play. Idempotency of the deployment itself comes from the template and systemd modules, which only report a change when the file content or service state actually differs.
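The task flow described above, written out as an added example; this is not the role's own code, and the task names, the handler name, the systemd unit name and the check at the end are assumptions. The example adds two things a practitioner wants around an sshd restart: a syntax check of the rendered file before it replaces /etc/ssh/sshd_config (so a bad template cannot lock you out), and a check of the effective configuration afterwards, because sshd_config uses the first occurrence of a keyword, so an earlier or included "PasswordAuthentication yes" would silently win over the hardened value.

```yaml
# tasks/main.yml (added example, not the role's own code)
- name: Configure sshd (skipped if this role already ran in this play)
  when: run_once_sys_svc_sshd is not defined
  block:
    - name: Render hardened sshd_config
      ansible.builtin.template:
        src: sshd_config.j2
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0644"
        # sshd -t parses the rendered temporary file; a non-zero exit aborts
        # the copy, so /etc/ssh/sshd_config is never replaced by a broken file.
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd

    - name: Remember that the role has run in this play
      ansible.builtin.set_fact:
        run_once_sys_svc_sshd: true

- name: Run the restart handler now so the check below sees the new config
  ansible.builtin.meta: flush_handlers

# sshd -T prints the *effective* settings (lowercase keyword, then value).
# Checking these instead of grepping the file catches the first-value-wins
# rule of sshd_config and any Include'd fragment that overrides the template.
- name: Read effective sshd configuration
  ansible.builtin.command: /usr/sbin/sshd -T
  register: sshd_effective
  changed_when: false

- name: Verify the hardening actually took effect
  ansible.builtin.assert:
    that:
      - "'passwordauthentication no' in sshd_effective.stdout_lines"
      - "'permitrootlogin no' in sshd_effective.stdout_lines"
      - "'pubkeyauthentication yes' in sshd_effective.stdout_lines"
    fail_msg: "sshd is not running with the expected hardened settings"

---
# handlers/main.yml (added example). The unit is called "ssh" on Debian/Ubuntu
# and "sshd" on RHEL-family systems; adjust the name for your distribution.
- name: restart sshd
  ansible.builtin.systemd:
    name: sshd
    daemon_reload: true
    state: restarted
```

The validate step runs sshd -t as the become user against the temporary file Ansible renders, so it also fails when a referenced HostKey is missing; that is intended, since the real daemon would fail the same way on restart.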

Further Resources