feat(services): implement SSH server toggeling

2026-01-05 18:18:18 +01:00
parent 2d4127a688
commit 315fdef69f
4 changed files with 11 additions and 8 deletions
--- a/roles/bootstrap/vars/main.yml
+++ b/roles/bootstrap/vars/main.yml
@@ -48,7 +48,7 @@ bootstrap_archlinux:
  - ncdu
  - networkmanager
  - nfs-utils
-  - openssh
+  - "{{ 'openssh' if ssh_enabled | bool else '' }}"
  - ppp
  - prometheus-node-exporter
  - python-psycopg2
@@ -82,7 +82,7 @@ bootstrap_debian11:
    - logrotate
    - lvm2
    - net-tools
-    - openssh-server
+    - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
    - python3
    - sudo
    - xfsprogs
@@ -153,7 +153,7 @@ bootstrap_debian12:
    - neofetch
    - net-tools
    - network-manager
-    - openssh-server
+    - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
    - python-is-python3
    - python3
    - ripgrep
@@ -208,7 +208,7 @@ bootstrap_debian13:
    - ncdu
    - net-tools
    - network-manager
-    - openssh-server
+    - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
    - python-is-python3
    - python3
    - ripgrep
@@ -412,7 +412,7 @@ bootstrap_ubuntu:
    - ncurses-term
    - net-tools
    - network-manager
-    - openssh-server
+    - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
    - python-is-python3
    - python3
    - ripgrep
@@ -475,7 +475,7 @@ bootstrap_ubuntu_lts:
    - ncurses-term
    - net-tools
    - network-manager
-    - openssh-server
+    - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
    - python-is-python3
    - python3
    - ripgrep
--- a/roles/configuration/tasks/services.yml
+++ b/roles/configuration/tasks/services.yml
@@ -4,8 +4,9 @@
    {{ chroot_command }} /mnt systemctl enable NetworkManager
    {{ ' firewalld' if firewalld_enabled | bool else '' }}
    {{
-      ' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
-      (' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else '')
+      (' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
+       (' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else ''))
+      if ssh_enabled | bool else ''
    }}
    {{
      'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
--- a/roles/global_defaults/defaults/main.yml
+++ b/roles/global_defaults/defaults/main.yml
@@ -5,6 +5,7 @@ cis: false
 selinux: true
 vmware_ssh: false
 firewalld_enabled: true
+ssh_enabled: true
 zstd_enabled: true
 swap_enabled: true
 chroot_command: "arch-chroot"