Manage default config as block

2b949aaf · David Mehren · 5209198c · 2b949aaf
Verified Commit 2b949aaf authored Jan 15, 2020 by David Mehren
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -13,8 +13,28 @@
    state: absent
    path: /etc/ssh/moduli
- name: copy config
+- name: Check if sshf_config is already managed in blocks
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    line: "#BEGIN ANSIBLE MANAGED SSH DEFAULTS"
+    state: present
+  check_mode: yes
+  register: config_no_blocks
+- name: Delete old config
+  file:
+    path: /etc/ssh/sshd_config
+    state: absent
+  when: config_no_blocks.changed
+- name: Load config template
+  set_fact:
+    sshd_config: "{{ lookup('template', 'templates/sshd_config.conf.j2') }}"
+- name: Create default config
  notify: start sshd
-  template:
+  blockinfile:
-    src: sshd_config.conf.j2
+    path: /etc/ssh/sshd_config
-    dest: /etc/ssh/sshd_config
+    block: "{{ sshd_config }}"
+    marker: "#{mark} ANSIBLE MANAGED SSH DEFAULTS"
+    create: yes