40 lines
899 B
YAML
40 lines
899 B
YAML
---
|
|
- name: Ensure SSH server installed
|
|
ansible.builtin.apt:
|
|
name: openssh-server
|
|
state: present
|
|
|
|
- name: Create safety copy of original SSH configuration
|
|
ansible.builtin.copy:
|
|
src: /etc/ssh/sshd_config
|
|
dest: /etc/ssh/sshd_config.original
|
|
remote_src: true
|
|
mode: '0600'
|
|
force: false
|
|
|
|
- name: Configure SSH daemon
|
|
ansible.builtin.template:
|
|
src: sshd_config.j2
|
|
dest: /etc/ssh/sshd_config
|
|
backup: true
|
|
mode: '0644'
|
|
validate: '/usr/sbin/sshd -t -f %s'
|
|
notify: Restart sshd
|
|
|
|
- name: Configure firewalls - allow SSH port
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "{{ ssh_port }}"
|
|
proto: tcp
|
|
|
|
- name: Configure firewalls - allow SSH by name (fallback)
|
|
community.general.ufw:
|
|
rule: allow
|
|
name: OpenSSH
|
|
failed_when: false
|
|
|
|
- name: Enable UFW with deny default policy
|
|
community.general.ufw:
|
|
state: enabled
|
|
policy: deny
|