Use a handler to restart sshd
This commit is contained in:
parent
95163fbed1
commit
7a6d11c548
|
@ -5,3 +5,8 @@
|
||||||
cmd: "echo 'topic={{ secrets.ntfy_topic }}' > .env && ./install.sh"
|
cmd: "echo 'topic={{ secrets.ntfy_topic }}' > .env && ./install.sh"
|
||||||
stdin: 20
|
stdin: 20
|
||||||
chdir: "/home/{{ ansible_user }}/apt-update-push"
|
chdir: "/home/{{ ansible_user }}/apt-update-push"
|
||||||
|
|
||||||
|
- name: Restart sshd
|
||||||
|
service:
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
|
|
|
@ -11,26 +11,18 @@
|
||||||
regexp: '^#?PubkeyAuthentication '
|
regexp: '^#?PubkeyAuthentication '
|
||||||
line: PubkeyAuthentication yes
|
line: PubkeyAuthentication yes
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
register: ssh_pubkey
|
notify: Restart sshd
|
||||||
|
|
||||||
- name: Disallow SSH login with password
|
- name: Disallow SSH login with password
|
||||||
lineinfile:
|
lineinfile:
|
||||||
regexp: '^#?PasswordAuthentication '
|
regexp: '^#?PasswordAuthentication '
|
||||||
line: PasswordAuthentication no
|
line: PasswordAuthentication no
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
register: ssh_pw
|
notify: Restart sshd
|
||||||
|
|
||||||
- name: Disallow root login over SSH
|
- name: Disallow root login over SSH
|
||||||
lineinfile:
|
lineinfile:
|
||||||
regexp: '^#?PermitRootLogin '
|
regexp: '^#?PermitRootLogin '
|
||||||
line: PermitRootLogin no
|
line: PermitRootLogin no
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
register: ssh_root
|
notify: Restart sshd
|
||||||
|
|
||||||
- name: Restart sshd
|
|
||||||
service:
|
|
||||||
name: sshd
|
|
||||||
state: restarted
|
|
||||||
when: (ssh_pubkey is defined and ssh_pubkey.changed) or
|
|
||||||
(ssh_pw is defined and ssh_pw.changed) or
|
|
||||||
(ssh_root is defined and ssh_root.changed)
|
|
||||||
|
|
Reference in a new issue