diff --git a/.dev-tools/10_top.j2 b/.dev-tools/10_top.j2 index 3ffe9b10..e51cb1d2 100644 --- a/.dev-tools/10_top.j2 +++ b/.dev-tools/10_top.j2 @@ -1,7 +1,7 @@ {{ ansible_managed | comment }} {{ "system_role:ssh" | comment(prefix="", postfix="") }} {% macro render_option(key, value, indent=false) %} -{% if value is defined %} +{% if value is defined and value is not none %} {% if value is sameas true %} {% if indent %} {% endif %} {{ key }} yes @@ -13,22 +13,28 @@ {{ key }} {{ value | string }} {% else %} {% for i in value %} -{% if indent %} {% endif %} +{% if i is none %} +{{- '' -}} +{% else %} +{% if indent %} {% endif %} {{ key }} {{ i | string }} +{% endif %} {% endfor %} {% endif %} +{% else %} +{{- '' -}} {% endif %} {% endmacro %} {% macro body_option(key, override) %} -{% set value = undefined %} -{% if override is defined %} -{% set value = override %} -{% elif ssh[key] is defined %} -{% set value = ssh[key] %} +{% if override is defined and override is not none %} +{{ render_option(key, override) -}} +{% elif ssh[key] is defined and ssh[key] is not none %} +{{ render_option(key, ssh[key]) -}} {% elif __ssh_defaults[key] is defined and not __ssh_skip_defaults | trim | bool %} -{% set value = __ssh_defaults[key] %} +{{ render_option(key, __ssh_defaults[key]) -}} +{% else %} +{{- '' -}} {% endif %} -{{ render_option(key, value) -}} {% endmacro %} {% macro match_block(match_list) %} {% if match_list["Condition"] is defined %} diff --git a/tasks/main.yml b/tasks/main.yml index 68361eb8..7cbe5a65 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
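Review bot: In `body_option`, an explicit `none` in `override` or `ssh[key]` now falls through to the next source, so a key set to null at a higher level is rendered from `__ssh_defaults` unless `__ssh_skip_defaults` is true. If that is intended, state it above the first `{% if %}`, for example `{# none means "not set": fall through to ssh[key], then to the role defaults #}`, so nobody assumes null suppresses a hardened default. The third branch tests only `__ssh_defaults[key] is defined` and relies on the new guard in `render_option` to drop a null default; adding `and __ssh_defaults[key] is not none` would keep the three branches parallel. The `{{- '' -}}` branches need a one-line comment saying why an explicit empty output is emitted, since the reason is not visible here. The identical hunk in templates/ssh_config.j2 has the same points; the middle of `render_option` lies between the two hunks and is not shown.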
@@ -58,61 +58,27 @@ owner: "{{ __ssh_config_owner | trim }}" group: "{{ __ssh_config_group | trim }}" mode: "{{ __ssh_config_mode | trim }}" - validate: >- - {% if __ssh_supports_validate %} - ssh -G -F %s example.com - {% else %} - true %s - {% endif %} + validate: "{{ __ssh_supports_validate | ternary('ssh -G -F %s example.com', 'true %s') }}" backup: "{{ ssh_backup }}" vars: - __ssh_skip_defaults: >- - {% if ssh_skip_defaults != 'auto' %} - {{ ssh_skip_defaults }} - {% elif ssh_user is not none %} - true - {% else %} - {% if ssh_drop_in_name is not none and __ssh_supports_drop_in %} - true - {% else %} - false - {% endif %} - {% endif %} - __ssh_config_file: >- - {% if ssh_config_file is not none %} - {{ ssh_config_file }} - {% elif ssh_user is not none and - ansible_facts['getent_passwd'] is defined %} - {{ ansible_facts['getent_passwd'][ssh_user][4] }}/.ssh/config - {% else %} - {% if ssh_drop_in_name is not none and __ssh_supports_drop_in %} - {{ __ssh_drop_in_template | replace("{name}", ssh_drop_in_name) }} - {% else %} - /etc/ssh/ssh_config - {% endif %} - {% endif %} - __ssh_config_owner: >- - {% if ssh_config_owner is not none %} - {{ ssh_config_owner }} - {% elif ssh_user is not none %} - {{ ssh_user }} - {% else %} - root - {% endif %} - __ssh_config_group: >- - {% if ssh_config_group is not none %} - {{ ssh_config_group }} - {% elif ssh_user is not none and - ansible_facts['getent_passwd'] is defined %} - {{ ssh_user }} - {% else %} - root - {% endif %} - __ssh_config_mode: >- - {% if ssh_config_mode is not none %} - {{ ssh_config_mode }} - {% elif ssh_user is not none %} - 600 - {% else %} - 644 - {% endif %} + __ssh_skip_defaults: "{{ ssh_skip_defaults if ssh_skip_defaults != 'auto' + else (ssh_user is not none) or + (ssh_drop_in_name is not none and __ssh_supports_drop_in) }}" + __ssh_config_file: "{{ ssh_config_file + if ssh_config_file is not none + else + ansible_facts['getent_passwd'][ssh_user][4] ~ '/.ssh/config' + if ssh_user is not none and 
ansible_facts['getent_passwd'] is defined + else + __ssh_drop_in_template | replace('{name}', ssh_drop_in_name) + if ssh_drop_in_name is not none and __ssh_supports_drop_in + else '/etc/ssh/ssh_config' }}" + __ssh_config_owner: "{{ ssh_config_owner if ssh_config_owner is not none + else ssh_user if ssh_user is not none + else 'root' }}" + __ssh_config_group: "{{ ssh_config_group if ssh_config_group is not none + else ssh_user if ssh_user is not none and ansible_facts['getent_passwd'] is defined + else 'root' }}" + __ssh_config_mode: "{{ ssh_config_mode if ssh_config_mode is not none + else '0600' if ssh_user is not none + else '0644' }}" diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2 index a875ae0f..9eb43e95 100644 --- a/templates/ssh_config.j2 +++ b/templates/ssh_config.j2 @@ -1,7 +1,7 @@ {{ ansible_managed | comment }} {{ "system_role:ssh" | comment(prefix="", postfix="") }} {% macro render_option(key, value, indent=false) %} -{% if value is defined %} +{% if value is defined and value is not none %} {% if value is sameas true %} {% if indent %} {% endif %} {{ key }} yes 
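Review bot: `__ssh_config_owner` and `__ssh_config_mode` switch to `ssh_user` and `'0600'` as soon as `ssh_user is not none`, but `__ssh_config_file` and `__ssh_config_group` also require `ansible_facts['getent_passwd'] is defined`. If those facts are absent, the path falls through to the drop-in file or `/etc/ssh/ssh_config`, and that system-wide file would be written with owner `ssh_user`, group `root` and mode `0600`. The unprivileged user could then edit the client configuration used by every account, and other users could not read it. The task starts above this hunk, so whether an earlier step guarantees the getent facts is not visible; if none does, use one condition in all four expressions, e.g. `else ssh_user if ssh_user is not none and ansible_facts['getent_passwd'] is defined` for the owner and the matching test for the mode. Separately, the chained `a if … else b if … else c` in `__ssh_config_file` would read more safely with each `else` arm in parentheses, as `__ssh_skip_defaults` already does.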
@@ -13,22 +13,28 @@ {{ key }} {{ value | string }} {% else %} {% for i in value %} -{% if indent %} {% endif %} +{% if i is none %} +{{- '' -}} +{% else %} +{% if indent %} {% endif %} {{ key }} {{ i | string }} +{% endif %} {% endfor %} {% endif %} +{% else %} +{{- '' -}} {% endif %} {% endmacro %} {% macro body_option(key, override) %} -{% set value = undefined %} -{% if override is defined %} -{% set value = override %} -{% elif ssh[key] is defined %} -{% set value = ssh[key] %} +{% if override is defined and override is not none %} +{{ render_option(key, override) -}} +{% elif ssh[key] is defined and ssh[key] is not none %} +{{ render_option(key, ssh[key]) -}} {% elif __ssh_defaults[key] is defined and not __ssh_skip_defaults | trim | bool %} -{% set value = __ssh_defaults[key] %} +{{ render_option(key, __ssh_defaults[key]) -}} +{% else %} +{{- '' -}} {% endif %} -{{ render_option(key, value) -}} {% endmacro %} {% macro match_block(match_list) %} {% if match_list["Condition"] is defined %} diff --git a/tests/tests_backup.yml b/tests/tests_backup.yml index 19d10dd0..95c258ea 100644 --- a/tests/tests_backup.yml +++ b/tests/tests_backup.yml @@ -40,7 +40,7 @@ ssh_ForwardX11Trusted: 'yes' # noqa var-naming register: second_run - - name: Find new backups files + - name: Find new backups files again ansible.builtin.find: paths: "{{ main_ssh_config_path }}" patterns: "{{ main_ssh_config_name }}.*@*~"