Merge pull request #72 from zxyz/bookworm

systemli · Jul 23, 2023 · 6fcc262 · 6fcc262
2 parents f62aab0 + 83bbfb1
commit 6fcc262
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 101 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -18,4 +18,6 @@ on:
 jobs:
   integration:
     name: Integration
-    uses: systemli/github-ansible-workflow/.github/workflows/[email protected]
+    uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@main
+    with:
+      distros: '[ "debian11", "debian12", "ubuntu2004", "ubuntu2204" ]'
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -26,6 +26,7 @@ sshd_ignore_rhosts: "yes"
 sshd_hostbased_authentication: "no"
 sshd_permit_empty_passwords: "no"
 sshd_challenge_response_authentication: "no"
+sshd_kbd_interactive_authentication: "no"
 sshd_x11_forwarding: "no"
 sshd_x11_display_offset: 10
 sshd_print_motd: "no"

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -1,19 +1,13 @@
 ---
 driver:
   name: vagrant
-  provider:
-    name: virtualbox
 platforms:
-  - name: buster64
-    box: debian/buster64
-  - name: bullseye64
+  - name: debian12
+    box: debian/bookworm64
+  - name: debian11
     box: debian/bullseye64
-lint: |
-  set -e
-  yamllint .
-  ansible-lint --exclude molecule/default/tests
 provisioner:
   name: ansible
+  ansible_args:
+    - --diff
   become: true
-verifier:
-  name: goss
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Ensure openssh-server is present
   apt:
     pkg: openssh-server

diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
@@ -1,5 +1,4 @@
-#	{{ sshd_header }}
-
+{{ ansible_managed | comment }}
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 
@@ -10,7 +9,7 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
 
-{% if ansible_distribution_release == "bullseye" %}
+{% if ansible_distribution_version | int >= 11 and ansible_distribution == 'Debian' %}
 Include /etc/ssh/sshd_config.d/*.conf
 
 {% endif %}
@@ -74,7 +73,11 @@ PermitEmptyPasswords {{ sshd_permit_empty_passwords }}
 
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
+{% if ansible_distribution_version | int >= 12 and ansible_distribution == 'Debian' %}
+KbdInteractiveAuthentication {{ sshd_kbd_interactive_authentication }}
+{% else %}
 ChallengeResponseAuthentication {{ sshd_challenge_response_authentication }}
+{% endif %}
 
 # Kerberos options
 #KerberosAuthentication no
@@ -151,8 +154,6 @@ AllowUsers {{ sshd_allow_users|join(" ") }}
 AllowGroups {{ sshd_allow_groups|join(" ") }}
 {% endif %}
 
-{% if ansible_distribution == 'Debian' or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('14.04', '>' )) %}
 # Specifies whether to remove an existing Unix-domain socket file for
 # local or remote port forwarding before creating a new one.
 StreamLocalBindUnlink {{ sshd_stream_local_bind_unlink }}
-{% endif %}