Moves vars/main.yml vars into defaults/main.yml

conorsch · conorsch · commit 4e6d7362718c · 2016-03-13T19:17:23.000-07:00
Exposes vars for manipulation by role/playbook tasks.
Does not change any default functionality of the role.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -77,3 +77,60 @@ sftp_chroot_dir: /home/%u
 
 # enable experimental client roaming
 ssh_client_roaming: false
+
+
+ssh_ps53: 'yes'
+ssh_ps59: 'sandbox'
+
+ssh_macs_53_default:
+  - hmac-ripemd160
+  - hmac-sha1
+
+ssh_macs_59_default:
+  - hmac-sha2-512
+  - hmac-sha2-256
+  - hmac-ripemd160
+
+ssh_macs_59_weak: "{{ ssh_macs_59_default + ['hmac-sha1'] }}"
+
+ssh_macs_66_default:
+  - hmac-sha2-512-etm@openssh.com
+  - hmac-sha2-256-etm@openssh.com
+  - hmac-ripemd160-etm@openssh.com
+  - umac-128-etm@openssh.com
+  - hmac-sha2-512
+  - hmac-sha2-256
+  - hmac-ripemd160
+
+ssh_macs_66_weak: "{{ ssh_macs_66_default + ['hmac-sha1'] }}"
+
+ssh_ciphers_53_default:
+  - aes256-ctr
+  - aes192-ctr
+  - aes128-ctr
+
+ssh_ciphers_53_weak: "{{ ssh_ciphers_53_default + ['aes256-cbc', 'aes192-cbc', 'aes128-cbc'] }}"
+
+ssh_ciphers_66_default:
+  - chacha20-poly1305@openssh.comi
+  - aes256-gcm@openssh.com
+  - aes128-gcm@openssh.com
+  - aes256-ctr
+  - aes192-ctr
+  - aes128-ctr
+
+ssh_ciphers_66_weak: "{{ ssh_ciphers_66_default + ['aes256-cbc', 'aes192-cbc', 'aes128-cbc'] }}"
+
+ssh_kex_59_default:
+  - diffie-hellman-group-exchange-sha256
+
+ssh_kex_59_weak: "{{ ssh_kex_59_default + ['diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group1-sha1'] }}"
+
+ssh_kex_66_default:
+  - curve25519-sha256@libssh.org
+  - diffie-hellman-group-exchange-sha256
+
+ssh_kex_66_weak: "{{ ssh_kex_66_default + ['diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group1-sha1'] }}"
+
+# directory where to store ssh_password policy
+ssh_custom_selinux_dir: '/etc/selinux/local-policies'
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,55 +0,0 @@
-ssh_ps53: 'yes'
-ssh_ps59: 'sandbox'
-
-ssh_macs_53_default:
-  - hmac-ripemd160
-  - hmac-sha1
-
-ssh_macs_59_default:
-  - hmac-sha2-512
-  - hmac-sha2-256
-  - hmac-ripemd160
-
-ssh_macs_59_weak: "{{ ssh_macs_59_default + ['hmac-sha1'] }}"
-
-ssh_macs_66_default:
-  - hmac-sha2-512-etm@openssh.com
-  - hmac-sha2-256-etm@openssh.com
-  - hmac-ripemd160-etm@openssh.com
-  - umac-128-etm@openssh.com
-  - hmac-sha2-512
-  - hmac-sha2-256
-  - hmac-ripemd160
-
-ssh_macs_66_weak: "{{ ssh_macs_66_default + ['hmac-sha1'] }}"
-
-ssh_ciphers_53_default:
-  - aes256-ctr
-  - aes192-ctr
-  - aes128-ctr
-
-ssh_ciphers_53_weak: "{{ ssh_ciphers_53_default + ['aes256-cbc', 'aes192-cbc', 'aes128-cbc'] }}"
-
-ssh_ciphers_66_default:
-  - chacha20-poly1305@openssh.comi
-  - aes256-gcm@openssh.com
-  - aes128-gcm@openssh.com
-  - aes256-ctr
-  - aes192-ctr
-  - aes128-ctr
-
-ssh_ciphers_66_weak: "{{ ssh_ciphers_66_default + ['aes256-cbc', 'aes192-cbc', 'aes128-cbc'] }}"
-
-ssh_kex_59_default:
-  - diffie-hellman-group-exchange-sha256
-
-ssh_kex_59_weak: "{{ ssh_kex_59_default + ['diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group1-sha1'] }}"
-
-ssh_kex_66_default:
-  - curve25519-sha256@libssh.org
-  - diffie-hellman-group-exchange-sha256
-
-ssh_kex_66_weak: "{{ ssh_kex_66_default + ['diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group1-sha1'] }}"
-
-# directory where to store ssh_password policy
-ssh_custom_selinux_dir: '/etc/selinux/local-policies'
