37 lines
826 B
YAML
37 lines
826 B
YAML
---
|
|
- name: Install OpenSSH
|
|
ansible.builtin.apt:
|
|
name: openssh-server
|
|
|
|
- name: Allow authorized keys
|
|
ansible.posix.authorized_key:
|
|
user: "{{ item['user'] }}"
|
|
key: "{{ item['key'] }}"
|
|
comment: "{{ item['comment'] | default(omit) }}"
|
|
loop: "{{ ssh_authorized_keys }}"
|
|
|
|
- name: Copy configuration file
|
|
ansible.builtin.copy:
|
|
src: files/ssh/sshd_config
|
|
dest: /etc/ssh/sshd_config
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
|
|
- name: Reload and enable SSH service
|
|
ansible.builtin.service:
|
|
name: ssh
|
|
state: reloaded
|
|
enabled: true
|
|
|
|
- name: Allow SSH network flows
|
|
ansible.builtin.iptables:
|
|
chain: INPUT
|
|
protocol: tcp
|
|
source: "{{ item }}"
|
|
destination_port: "22"
|
|
jump: ACCEPT
|
|
comment: allow ssh
|
|
loop:
|
|
- "{{ openvpn_subnet }}"
|
|
- "{{ local_subnet }}"
|