sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(services): implement SSH server toggeling

Browse Source
This commit is contained in:
Sandwich
2026-01-05 18:18:18 +01:00
parent 2d4127a688
commit 315fdef69f
4 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -66,6 +66,7 @@ Global variables apply across your Ansible project and can be supplied via inven
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` | | `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` |
| `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` | | `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` |
| `firewalld_enabled` (optional) | Toggle firewalld package/service enablement. | `true (default)`, `false` | | `firewalld_enabled` (optional) | Toggle firewalld package/service enablement. | `true (default)`, `false` |
| `ssh_enabled` (optional) | Toggle SSH server package/service enablement. | `true (default)`, `false` |
### 2.2 Hypervisor Access (virtual installs) ### 2.2 Hypervisor Access (virtual installs)

12
roles/bootstrap/vars/main.yml
View File

@@ -48,7 +48,7 @@ bootstrap_archlinux:
- ncdu - ncdu
- networkmanager - networkmanager
- nfs-utils - nfs-utils
- openssh - "{{ 'openssh' if ssh_enabled | bool else '' }}"
- ppp - ppp
- prometheus-node-exporter - prometheus-node-exporter
- python-psycopg2 - python-psycopg2
@@ -82,7 +82,7 @@ bootstrap_debian11:
- logrotate - logrotate
- lvm2 - lvm2
- net-tools - net-tools
- openssh-server - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python3 - python3
- sudo - sudo
- xfsprogs - xfsprogs
@@ -153,7 +153,7 @@ bootstrap_debian12:
- neofetch - neofetch
- net-tools - net-tools
- network-manager - network-manager
- openssh-server - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3 - python-is-python3
- python3 - python3
- ripgrep - ripgrep
@@ -208,7 +208,7 @@ bootstrap_debian13:
- ncdu - ncdu
- net-tools - net-tools
- network-manager - network-manager
- openssh-server - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3 - python-is-python3
- python3 - python3
- ripgrep - ripgrep
@@ -412,7 +412,7 @@ bootstrap_ubuntu:
- ncurses-term - ncurses-term
- net-tools - net-tools
- network-manager - network-manager
- openssh-server - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3 - python-is-python3
- python3 - python3
- ripgrep - ripgrep
@@ -475,7 +475,7 @@ bootstrap_ubuntu_lts:
- ncurses-term - ncurses-term
- net-tools - net-tools
- network-manager - network-manager
- openssh-server - "{{ 'openssh-server' if ssh_enabled | bool else '' }}"
- python-is-python3 - python-is-python3
- python3 - python3
- ripgrep - ripgrep

5
roles/configuration/tasks/services.yml
View File

@@ -4,8 +4,9 @@
{{ chroot_command }} /mnt systemctl enable NetworkManager {{ chroot_command }} /mnt systemctl enable NetworkManager
{{ ' firewalld' if firewalld_enabled | bool else '' }} {{ ' firewalld' if firewalld_enabled | bool else '' }}
{{ {{
' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else (' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else '') (' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else ''))
if ssh_enabled | bool else ''
}} }}
{{ {{
'logrotate systemd-resolved systemd-timesyncd systemd-networkd' 'logrotate systemd-resolved systemd-timesyncd systemd-networkd'

1
roles/global_defaults/defaults/main.yml
View File

@@ -5,6 +5,7 @@ cis: false
selinux: true selinux: true
vmware_ssh: false vmware_ssh: false
firewalld_enabled: true firewalld_enabled: true
ssh_enabled: true
zstd_enabled: true zstd_enabled: true
swap_enabled: true swap_enabled: true
chroot_command: "arch-chroot" chroot_command: "arch-chroot"