more consistent ssh deployment

richlamdev · richlamdev · commit f42e4e2b61c2 · 2025-01-18T15:03:18.000-08:00
diff --git a/main.yml b/main.yml
@@ -9,26 +9,26 @@
     - vars.yml
 
   roles:
-    - auto-update
+    # - auto-update
     - base
-    - aws
-    - brave
-    - chrome
-    # - docker-cli-only
-    - docker-desktop-dependency
-    - gh_cli
-    - hashicorp
-    - keepassxc
-    - kubectl
-    - microsoft
-    - mullvad
-    - opera
-    - signal-desktop
-    - sublime-text
-    - trivy
-    - role: vim
-      become: false
-    - role: env
-      become: false
-    - disable-local-dns
+    # - aws
+    # - brave
+    # - chrome
+    # # - docker-cli-only
+    # - docker-desktop-dependency
+    # - gh_cli
+    # - hashicorp
+    # - keepassxc
+    # - kubectl
+    # - microsoft
+    # - mullvad
+    # - opera
+    # - signal-desktop
+    # - sublime-text
+    # - trivy
+    # - role: vim
+    #   become: false
+    # - role: env
+    #   become: false
+    # - disable-local-dns
     # - yubico
diff --git a/roles/base/tasks/autostart.yml b/roles/base/tasks/autostart.yml
@@ -7,13 +7,13 @@
     owner: "{{ local_user }}"
     group: "{{ local_user_primary_group }}"
 
-- name: enable firefox autostart
-  copy:
-    src: autostart/firefox.desktop
-    dest: "/home/{{ local_user }}/.config/autostart/"
-    mode: 0644
-    owner: "{{ local_user }}"
-    group: "{{ local_user_primary_group }}"
+# - name: enable firefox autostart
+#   copy:
+#     src: autostart/firefox.desktop
+#     dest: "/home/{{ local_user }}/.config/autostart/"
+#     mode: 0644
+#     owner: "{{ local_user }}"
+#     group: "{{ local_user_primary_group }}"
 
 - name: enable gnome-keyring-ssh autostart
   copy:
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
@@ -8,8 +8,8 @@
 - name: snap packages
   import_tasks: snap.yml
 
-- name: authentication tasks
-  import_tasks: authentication.yml
+- name: ssh tasks
+  import_tasks: ssh.yml
 
 - name: security tasks
   import_tasks: security.yml
diff --git a/roles/base/tasks/ssh.yml b/roles/base/tasks/ssh.yml
@@ -3,22 +3,16 @@
   ansible.builtin.find:
     paths: /etc/ssh/sshd_config.d/
     file_type: file
-  register: sshd_config_files
+  register: sshd_config_d_files
 
 - name: Remove all files in /etc/ssh/sshd_config.d/
   ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
-  loop: "{{ sshd_config_files.files }}"
-  when: sshd_config_files.matched > 0
-
-- name: Ensure /etc/ssh/sshd_config.d/ directory exists
-  ansible.builtin.file:
-    path: /etc/ssh/sshd_config.d/
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
+  loop: "{{ sshd_config_d_files.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+  when: sshd_config_d_files.matched > 0
 
 - name: Copy custom sshd_config.conf to /etc/ssh/sshd_config.d/
   ansible.builtin.copy:
@@ -29,25 +23,20 @@
     mode: '0644'
 
 
-- name: Remove all files in /etc/ssh/ssh_config.d but keep the directory
+- name: Find all files in /etc/ssh/ssh_config.d/
   ansible.builtin.find:
     paths: /etc/ssh/ssh_config.d/
     file_type: file
-  register: files_to_remove
+  register: ssh_config_d_files
 
-- name: Delete files in /etc/ssh/ssh_config.d
+- name: Remove all files in /etc/ssh/ssh_config.d/
   ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
-  loop: "{{ files_to_remove.files }}"
-
-- name: Ensure /etc/ssh/ssh_config.d/ directory exists
-  ansible.builtin.file:
-    path: /etc/ssh/ssh_config.d/
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
+  loop: "{{ ssh_config_d_files.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+  when: ssh_config_d_files.matched > 0
 
 - name: Copy ssh_config to /etc/ssh/ssh_config.d/
   ansible.builtin.copy:
