ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 828702ce1da07fcd67f804ea019be9555b555d12
parent a36116de48b0d018edcbd8b98606ac9728d98f6c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 22 Feb 2021 16:55:36 +0100

roles/openssh: fixes
7 files changed, 35 insertions(+), 46 deletions(-)
diff --git a/roles/openssh/handlers/main.yml b/roles/openssh/handlers/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "[OpenRC] Restart service: openssh (to deploy config changes)"
+  service:
+    name: openssh
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+  listen: "Restart openssh"
+
+- name: "[systemd] Restart service: openssh (to deploy config changes)"
+  systemd:
+    name: openssh
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+  listen: "Restart openssh"
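Review bot: Both handlers restart a service called `openssh`, but the tasks this commit deletes from roles/openssh/tasks/start.yml managed `sshd`. If the targets have no service or unit named `openssh` (worth confirming per distribution), the handler fails at `flush_handlers` and the running daemon keeps the old configuration, so a hardening change to sshd_config would be written to disk but not enforced. Unless the rename is intentional, use `name: sshd` in both handlers. A comment above them noting that they only fire via the `"Restart openssh"` listen topic would also help.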
diff --git a/roles/openssh/meta/main.yml b/roles/openssh/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: nftables-handler
+    when:
+      - network.nftables.enable is true
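Review bot: The `when` on the `nftables-handler` dependency tests `network.nftables.enable is true` without first checking that the variable exists. The context lines of roles/openssh/tasks/main.yml in this commit guard `services.openssh.enable` with `is defined` before testing its value. If `network.nftables` is unset for a host and no role default supplies it (not visible here), the conditional raises an undefined-variable error instead of skipping the dependency. Adding `- network.nftables.enable is defined` as the first list item would make the two checks consistent.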
diff --git a/roles/openssh/tasks/configure.yml b/roles/openssh/tasks/configure.yml
@@ -6,4 +6,4 @@
     dest: /etc/ssh/sshd_config
     mode: 0755
     validate: "/usr/sbin/sshd -T -f %s"
-  register: sshdConfig
+  notify: "Restart openssh"
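Review bot: The context line `mode: 0755` just above the new `notify` deploys /etc/ssh/sshd_config with execute bits, which a configuration file does not need. The commit leaves that line untouched, and the template task itself starts outside this hunk. Since this change already reworks how the file is applied, consider tightening it to `mode: "0644"` (or `"0600"`), quoted as a string so the YAML parser cannot reinterpret the octal value. The `validate: "/usr/sbin/sshd -T -f %s"` line is a good safeguard and should stay.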
diff --git a/roles/openssh/tasks/firewall.yml b/roles/openssh/tasks/firewall.yml
@@ -4,17 +4,4 @@
   template:
     src: nftables-rule.nft.j2
     dest: /etc/nftables.d/openssh.nft
-
-- name: "[OpenRC] Restart service: nftables"
-  service:
-    name: nftables
-    state: restarted
-  when:
-    - ansible_service_mgr == "openrc"
-
-- name: "[systemd] Restart service: nftables"
-  systemd:
-    name: nftables
-    state: restarted
-  when:
-    - ansible_service_mgr == "systemd"
+  notify: "Restart nftables"+
\ No newline at end of file
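Review bot: The nftables rule template is written and then applied by the `"Restart nftables"` handler with no syntax check, unlike the sshd_config task, which uses `validate`. A rendering mistake in nftables-rule.nft.j2 would only surface when the firewall service restarts, and depending on how the service handles a failed load, the host could be left without its ruleset or with SSH unreachable. If the fragment is self-contained enough to be checked on its own (not visible from this hunk), add `validate: "nft -c -f %s"` to the template task. Otherwise the handler role should check the full ruleset before restarting. The template task starts outside the hunk.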
diff --git a/roles/openssh/tasks/main.yml b/roles/openssh/tasks/main.yml
@@ -25,3 +25,6 @@
   when:
     - services.openssh.enable is defined
     - services.openssh.enable is false
+
+- name: Run handlers
+  meta: flush_handlers+
\ No newline at end of file
diff --git a/roles/openssh/tasks/remove.yml b/roles/openssh/tasks/remove.yml
@@ -37,20 +37,10 @@
     state: absent
   with_items:
     - "/etc/ssh"
-    - "/etc/nftables.d/openssh.nft"
 
-- name: "[OpenRC] Restart service: nftables"
-  service:
-    name: nftables
-    state: restarted
-  when:
-    - ansible_service_mgr == "openrc"
-    - network.nftables.enable is true
+- name: "[nftables] Delete rule for: openssh"
+  file:
+    path: /etc/nftables.d/openssh.nft
+    state: absent
+  notify: "Restart nftables"
 
-- name: "[systemd] Restart service: nftables"
-  systemd:
-    name: nftables
-    state: restarted
-  when:
-    - ansible_service_mgr == "systemd"
-    - network.nftables.enable is true
diff --git a/roles/openssh/tasks/start.yml b/roles/openssh/tasks/start.yml
@@ -15,19 +15,3 @@
     state: started
   when: 
     - ansible_service_mgr == "systemd"
-
-- name: "[OpenRC] Restart start service: sshd (to deploy new config)"
-  service:
-    name: sshd
-    state: started
-  when:
-    - ansible_service_mgr == "openrc" 
-    - sshdConfig.changed
-
-- name: "[systemd] Enable and start service: sshd (to deploy new config)"
-  systemd:
-    name: sshd
-    state: restarted
-  when: 
-    - ansible_service_mgr == "systemd"
-    - sshdConfig.changed