ansible/roles/ssh/tasks/main.yml
ilia e897b1a027
Some checks failed
CI / lint-and-test (push) Successful in 1m16s
CI / ansible-validation (push) Successful in 5m49s
CI / secret-scanning (push) Successful in 1m33s
CI / dependency-scan (push) Successful in 2m48s
CI / sast-scan (push) Successful in 5m46s
CI / license-check (push) Successful in 1m11s
CI / vault-check (push) Failing after 5m25s
CI / playbook-test (push) Successful in 5m32s
CI / container-scan (push) Successful in 4m32s
CI / sonar-analysis (push) Successful in 6m53s
CI / workflow-summary (push) Successful in 1m6s
Fix: Resolve linting errors and improve firewall configuration (#2)
- Fix UFW firewall to allow outbound traffic (was blocking all outbound)
- Add HOST parameter support to shell Makefile target
- Fix all ansible-lint errors (trailing spaces, missing newlines, document starts)
- Add changed_when: false to check commands
- Fix variable naming (vault_devGPU -> vault_devgpu)
- Update .ansible-lint config to exclude .gitea/ and allow strategy: free
- Fix NodeSource repository GPG key handling in shell playbook
- Add missing document starts to host_vars files
- Clean up empty lines in datascience role files

Reviewed-on: #2
2025-12-25 16:47:26 -05:00

49 lines
1.1 KiB
YAML

```yaml
---
- name: Ensure SSH server installed
  ansible.builtin.apt:
    name: openssh-server
    state: present

- name: Create safety copy of original SSH configuration
  # force: false keeps the first pristine copy; later runs never overwrite it
  ansible.builtin.copy:
    src: /etc/ssh/sshd_config
    dest: /etc/ssh/sshd_config.original
    remote_src: true
    mode: '0600'
    force: false

- name: Configure SSH daemon
  # validate runs `sshd -t` on the rendered file before it replaces the live
  # config, so a broken template is rejected; backup keeps the previous version
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    backup: true
    mode: '0644'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd

# The SSH allow rules are placed before UFW is enabled so the session running
# the playbook is not cut off.
- name: Configure firewalls - allow SSH port
  community.general.ufw:
    rule: allow
    port: "{{ ssh_port }}"
    proto: tcp

- name: Configure firewalls - allow SSH by name (fallback)
  community.general.ufw:
    rule: allow
    name: OpenSSH
  failed_when: false  # the OpenSSH app profile may be absent; the port rule above still applies

- name: Set UFW default policy for incoming (deny)
  community.general.ufw:
    direction: incoming
    policy: deny

- name: Set UFW default policy for outgoing (allow)
  community.general.ufw:
    direction: outgoing
    policy: allow

- name: Enable UFW firewall
  community.general.ufw:
    state: enabled
```