diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
index 845af81a..5df1ebe5 100644
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@@ -35,4 +35,4 @@ jobs:
 - name: Run ansible-lint
 uses: ansible/ansible-lint@v24
 with:
- working_directory: .tox/ansible_collections/${{ env.LSR_ROLE2COLL_NAMESPACE }}/${{ env.LSR_ROLE2COLL_NAME }}
+ working_directory: ${{ github.workspace }}/.tox/ansible_collections/${{ env.LSR_ROLE2COLL_NAMESPACE }}/${{ env.LSR_ROLE2COLL_NAME }}
diff --git a/.ostree/packages-runtime-CentOS-10.txt b/.ostree/packages-runtime-CentOS-10.txt
new file mode 120000
index 00000000..155c4789
--- /dev/null
+++ b/.ostree/packages-runtime-CentOS-10.txt
@@ -0,0 +1 @@
+packages-runtime-RedHat-10.txt
\ No newline at end of file
diff --git a/.ostree/packages-runtime-CentOS-6.txt b/.ostree/packages-runtime-CentOS-6.txt
deleted file mode 100644
index a725f65e..00000000
--- a/.ostree/packages-runtime-CentOS-6.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-openssh
-openssh-server
diff --git a/.ostree/packages-runtime-CentOS-6.txt b/.ostree/packages-runtime-CentOS-6.txt
new file mode 120000
index 00000000..788aef21
--- /dev/null
+++ b/.ostree/packages-runtime-CentOS-6.txt
@@ -0,0 +1 @@
+packages-runtime-RedHat-6.txt
\ No newline at end of file
diff --git a/.ostree/packages-runtime-CentOS-7.txt b/.ostree/packages-runtime-CentOS-7.txt
deleted file mode 100644
index a725f65e..00000000
--- a/.ostree/packages-runtime-CentOS-7.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-openssh
-openssh-server
diff --git a/.ostree/packages-runtime-CentOS-7.txt b/.ostree/packages-runtime-CentOS-7.txt
new file mode 120000
index 00000000..ad880541
--- /dev/null
+++ b/.ostree/packages-runtime-CentOS-7.txt
@@ -0,0 +1 @@
+packages-runtime-RedHat-7.txt
\ No newline at end of file
diff --git a/.ostree/packages-runtime-CentOS-8.txt b/.ostree/packages-runtime-CentOS-8.txt
deleted file mode 100644
index a725f65e..00000000
--- a/.ostree/packages-runtime-CentOS-8.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-openssh
-openssh-server
diff --git a/.ostree/packages-runtime-CentOS-8.txt b/.ostree/packages-runtime-CentOS-8.txt
new file mode 120000
index 00000000..a038eda9
--- /dev/null
+++ b/.ostree/packages-runtime-CentOS-8.txt
@@ -0,0 +1 @@
+packages-runtime-RedHat-8.txt
\ No newline at end of file
diff --git a/.ostree/packages-runtime-CentOS-9.txt b/.ostree/packages-runtime-CentOS-9.txt
deleted file mode 100644
index a725f65e..00000000
--- a/.ostree/packages-runtime-CentOS-9.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-openssh
-openssh-server
diff --git a/.ostree/packages-runtime-CentOS-9.txt b/.ostree/packages-runtime-CentOS-9.txt
new file mode 120000
index 00000000..d66f809e
--- /dev/null
+++ b/.ostree/packages-runtime-CentOS-9.txt
@@ -0,0 +1 @@
+packages-runtime-RedHat-9.txt
\ No newline at end of file
diff --git a/.ostree/packages-runtime-RedHat-10.txt b/.ostree/packages-runtime-RedHat-10.txt
new file mode 100644
index 00000000..a725f65e
--- /dev/null
+++ b/.ostree/packages-runtime-RedHat-10.txt
@@ -0,0 +1,2 @@
+openssh
+openssh-server
diff --git a/.ostree/packages-testing-CentOS.txt b/.ostree/packages-testing-CentOS.txt
deleted file mode 100644
index 35562c2a..00000000
--- a/.ostree/packages-testing-CentOS.txt
+++ /dev/null
@@ -1 +0,0 @@
-man-db
diff --git a/.ostree/packages-testing-CentOS.txt b/.ostree/packages-testing-CentOS.txt
new file mode 120000
index 00000000..4ec7d399
--- /dev/null
+++ b/.ostree/packages-testing-CentOS.txt
@@ -0,0 +1 @@
+packages-testing-RedHat.txt
\ No newline at end of file
diff --git a/README.md b/README.md
index 8b4d9a9b..608ecd1e 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Tested on:
 * [![Run tests on Ubuntu latest](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml)
 * Debian wheezy, jessie, stretch, buster, bullseye, bookworm
 * [![Run tests on Debian](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml)
-* EL 6, 7, 8, 9 derived distributions
+* EL 6, 7, 8, 9, 10 derived distributions
 * [![Run tests on CentOS](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-centos-check.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-centos-check.yml)
 * All Fedora
 * [![Run tests on Fedora latest](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-fedora.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-fedora.yml)
diff --git a/meta/main.yml b/meta/main.yml
index c8e199c2..8a776e8d 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -58,7 +58,13 @@ galaxy_info:
 - debian
 - centos
 - redhat
+ - fedora
 - freebsd
 - openbsd
 - aix
+ - el6
+ - el7
+ - el8
+ - el9
+ - el10
 dependencies: []
diff --git a/vars/RedHat_10.yml b/vars/RedHat_10.yml
new file mode 100644
index 00000000..c9d79197
--- /dev/null
+++ b/vars/RedHat_10.yml
@@ -0,0 +1,33 @@
+---
+__sshd_os_supported: true
+
+__sshd_packages:
+ - openssh
+ - openssh-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+# RHEL 10 ships with drop-in directory support so we touch
+# just included file with highest priority by default
+__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+# the defaults here represent the defaults shipped in the main sshd_config
+__sshd_defaults:
+ Include: /etc/ssh/sshd_config.d/*.conf
+ AuthorizedKeysFile: .ssh/authorized_keys
+ Subsystem: "sftp {{ __sshd_sftp_server }}"
+
+__sshd_verify_hostkeys_default:
+ - /etc/ssh/ssh_host_rsa_key
+ - /etc/ssh/ssh_host_ecdsa_key
+ - /etc/ssh/ssh_host_ed25519_key
+__sshd_hostkeys_nofips:
+ - /etc/ssh/ssh_host_ed25519_key
+
+__sshd_drop_in_dir_mode: '0700'
+__sshd_main_config_file: /etc/ssh/sshd_config
+
+__sshd_environment_file: /etc/sysconfig/sshd
+__sshd_environment_variable: $OPTIONS
+__sshd_service_after: sshd-keygen.target
+__sshd_service_wants:
+ - sshd-keygen.target
+ - ssh-host-keys-migration.service
+__sshd_service_restart_timeout: 42s
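Review bot: The comment above `__sshd_config_file` says the `00-` drop-in has the highest priority but not why, and that ordering decides whether the settings this role writes actually take effect. sshd keeps the first value it obtains for each keyword, so I would spell it out, e.g. `# sshd uses the first value it reads for each keyword, so the 00- prefix makes this file override later drop-ins`. It would also help to say that a keyword set in the main `sshd_config` ahead of the `Include` line still wins over this file, which someone auditing the effective configuration with `sshd -T` needs to know. `__sshd_service_restart_timeout: 42s` is likewise an unexplained value; a one-line comment naming where it comes from would do.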