diff --git a/initial_server_setup/initial_setup.yml b/initial_server_setup/initial_setup.yml index d8486a1ce248edfabb76835894c50b310d27b4cf..f73d7a38e285d8cb06530fe355519413d65cac94 100644 --- a/initial_server_setup/initial_setup.yml +++ b/initial_server_setup/initial_setup.yml @@ -57,12 +57,14 @@ content: | # {{ ansible_managed }} PasswordAuthentication no + register: pass_auth - name: Remove SSH Password Auth from sshd_config ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regex: "^PasswordAuthentication" line: "# PasswordAuthentication No" tags: network,ssh + register: pass_auth_sshd - name: Disable SSH Empty Password ansible.builtin.copy: dest: /etc/ssh/sshd_config.d/disable_empty_password.conf @@ -71,12 +73,14 @@ content: | # {{ ansible_managed }} PermitEmptyPasswords no + register: empty_pass - name: Remove SSH Empty Password from sshd_config ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regex: "^PermitEmptyPasswords" line: "# PermitEmptyPasswords No" tags: network,ssh + register: empty_pass_sshd - name: Disable SSH Root Login ansible.builtin.copy: dest: /etc/ssh/sshd_config.d/disable_root_login.conf @@ -85,12 +89,14 @@ content: | # {{ ansible_managed }} PermitRootLogin no + register: root_login - name: Remove SSH Root Login from sshd_config ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regex: "^PermitRootLogin" line: "# PermitRootLogin No" tags: network,ssh + register: root_login_sshd # Create Freifunk Users - name: Create member users @@ -156,3 +162,4 @@ name: "sshd" state: "reloaded" tags: network,ssh + when: pass_auth.changed or pass_auth_sshd.changed or empty_pass.changed or empty_pass_sshd.changed or root_login.changed or root_login_sshd.changed