playbooks/roles/readonly_ssh_user/handlers/main.yml

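---
# Handlers for the readonly_ssh_user role.
#
# Topics (via `listen`):
#   "reload sshd"      - check sshd config syntax, pick the service name, reload
#   "validate sudoers" - syntax-check the file named by
#                        readonly_ssh_user_sudoers_file
#
# Ansible runs handlers in the order they are defined in this file, not in the
# order they are notified. Keep the sshd syntax check above the reload: when
# `sshd -t` fails, the host fails and the reload below is not reached.
#
# NOTE(review): both syntax checks run after the file is already on disk.
# A failed check stops the reload but leaves the rejected file in place, and
# a malformed sudoers file may break sudo until it is corrected. The tasks
# that write these files are not visible here; confirm they also pass
# `validate:` (for example 'visudo -cf %s') so a bad file is never installed.

- name: Validate sshd configuration syntax
  ansible.builtin.command: sshd -t
  # Read-only check, so it never reports a change.
  changed_when: false
  # Skipped in check mode, where the config on disk has not been rewritten.
  when: not ansible_check_mode
  listen: reload sshd

- name: Collect service facts for ssh reload
  # Populates ansible_facts.services, which the next handler inspects.
  ansible.builtin.service_facts:
  changed_when: false
  listen: reload sshd

- name: Select SSH service name for readonly user role
  ansible.builtin.set_fact:
    # An explicit override wins. Otherwise use 'ssh' when the collected facts
    # list 'ssh.service', and fall back to 'sshd'.
    # default('', true) treats an undefined or null override as "not set"
    # instead of failing on `length`.
    readonly_ssh_service_name: >-
      {{
        readonly_ssh_service_name_override
        if readonly_ssh_service_name_override | default('', true) | length > 0
        else ('ssh' if 'ssh.service' in ansible_facts.services else 'sshd')
      }}
  listen: reload sshd

- name: Reload SSH service
  ansible.builtin.service:
    name: "{{ readonly_ssh_service_name }}"
    state: reloaded
  listen: reload sshd

- name: Validate sudoers syntax
  ansible.builtin.command:
    # argv passes the templated path as a single argument, so whitespace in
    # the variable cannot split it into extra visudo arguments.
    argv:
      - visudo
      - -cf
      - "{{ readonly_ssh_user_sudoers_file }}"
  changed_when: false
  when: not ansible_check_mode
  listen: validate sudoers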