ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
ansible/roles/ssh/tasks/main.yml
ilia 01d35172e4
Some checks failed
CI / lint-and-test (pull_request) Failing after 58s
Details
CI / ansible-validation (pull_request) Failing after 1m58s
Details
CI / secret-scanning (pull_request) Successful in 58s
Details
CI / dependency-scan (pull_request) Successful in 1m1s
Details
CI / sast-scan (pull_request) Successful in 1m55s
Details
CI / license-check (pull_request) Successful in 58s
Details
CI / vault-check (pull_request) Failing after 1m55s
Details
CI / playbook-test (pull_request) Successful in 1m57s
Details
CI / container-scan (pull_request) Successful in 1m27s
Details
CI / sonar-analysis (pull_request) Successful in 2m4s
Details
CI / workflow-summary (pull_request) Successful in 55s
Details
Fix: Resolve linting errors and improve firewall configuration 
- Fix UFW firewall to allow outbound traffic (was blocking all outbound)
- Add HOST parameter support to shell Makefile target
- Fix all ansible-lint errors (trailing spaces, missing newlines, document starts)
- Add changed_when: false to check commands
- Fix variable naming (vault_devGPU -> vault_devgpu)
- Update .ansible-lint config to exclude .gitea/ and allow strategy: free
- Fix NodeSource repository GPG key handling in shell playbook
- Add missing document starts to host_vars files
- Clean up empty lines in datascience role files
2025-12-17 22:51:04 -05:00

49 lines
1.1 KiB
YAML
Raw Blame History

---
- name: Ensure SSH server installed
ansible.builtin.apt:
name: openssh-server
state: present
- name: Create safety copy of original SSH configuration
ansible.builtin.copy:
src: /etc/ssh/sshd_config
dest: /etc/ssh/sshd_config.original
remote_src: true
mode: '0600'
force: false
- name: Configure SSH daemon
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
backup: true
mode: '0644'
validate: '/usr/sbin/sshd -t -f %s'
notify: Restart sshd
- name: Configure firewalls - allow SSH port
community.general.ufw:
rule: allow
port: "{{ ssh_port }}"
proto: tcp
- name: Configure firewalls - allow SSH by name (fallback)
community.general.ufw:
rule: allow
name: OpenSSH
failed_when: false
- name: Set UFW default policy for incoming (deny)
community.general.ufw:
direction: incoming
policy: deny
- name: Set UFW default policy for outgoing (allow)
community.general.ufw:
direction: outgoing
policy: allow
- name: Enable UFW firewall
community.general.ufw:
state: enabled
Reference in New Issue View Git Blame Copy Permalink