feat: Ubuntu Noble support

.github/workflows/ansible-ubuntu.yml

@@ -11,7 +11,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: ansible check with ubuntu:latest
-        uses: roles-ansible/check-ansible-ubuntu-latest-action@master
+        uses: mattwillsher/check-ansible-ubuntu-latest-action@master
         with:
           group: local
           hosts: localhost

CODE_OF_CONDUCT.md

@@ -6,7 +6,7 @@ In the interest of fostering an open and welcoming environment, we as
 contributors and maintainers pledge to making participation in our project and
 our community a harassment-free experience for everyone, regardless of age, body
 size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
+level of experience, education, socioeconomic status, nationality, personal
 appearance, race, religion, or sexual identity and orientation.
 
 ## Our Standards

README.md

@@ -27,7 +27,7 @@ via simple password. If you need this functionality, be sure to set
 
 Tested on:
 
-* Ubuntu precise, trusty, xenial, bionic, focal, jammy
+* Ubuntu precise, trusty, xenial, bionic, focal, jammy, nobel
   * [![Run tests on Ubuntu latest](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml)
 * Debian wheezy, jessie, stretch, buster, bullseye, bookworm
   * [![Run tests on Debian](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml/badge.svg)](https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml)

handlers/main.yml

@@ -10,7 +10,7 @@
     - ansible_connection != 'chroot'
     - ansible_facts['os_family'] != 'AIX'
     - ansible_facts['os_family'] != 'OpenWrt'
-  listen: reload_sshd
+  listen: Reload_sshd
 
 # sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
 # It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
@@ -25,7 +25,7 @@
     stopsrc -s sshd
     until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done
     startsrc -s sshd
-  listen: reload_sshd
+  listen: Reload_sshd
   changed_when: false
   when:
     - sshd_allow_reload|bool
@@ -39,4 +39,4 @@
   when:
     - sshd_allow_reload|bool
     - ansible_facts['os_family'] == 'OpenWrt'
-  listen: reload_sshd
+  listen: Reload_sshd

meta/main.yml

@@ -24,6 +24,7 @@ galaxy_info:
         - bionic
         - focal
         - jammy
+        - noble
     - name: FreeBSD
       version:
         - "10.1"

tasks/install.yml

@@ -22,7 +22,7 @@
   when:
     - sshd_sysconfig | bool
     - __sshd_sysconfig_supports_use_strong_rng or __sshd_sysconfig_supports_crypto_policy
-  notify: reload_sshd
+  notify: Reload_sshd
 
 - name: Check FIPS mode
   ansible.builtin.include_tasks: check_fips.yml

tasks/install_config.yml

@@ -24,7 +24,7 @@
         {{ sshd_binary }} -t -f %s
       {% endif %}
     backup: "{{ sshd_backup }}"
-  notify: reload_sshd
+  notify: Reload_sshd
 
 - name: Make sure the include path is present in the main sshd_config
   ansible.builtin.lineinfile:
@@ -43,7 +43,7 @@
         {{ sshd_binary }} -t -f %s
       {% endif %}
     backup: "{{ sshd_backup }}"
-  notify: reload_sshd
+  notify: Reload_sshd
   when:
     - sshd_main_config_file is not none
     - sshd_config_file | dirname == sshd_main_config_file ~ '.d'

tasks/install_namespace.yml

@@ -21,4 +21,4 @@
         {{ sshd_binary }} -t -f %s
       {% endif %}
     backup: "{{ sshd_backup }}"
-  notify: reload_sshd
+  notify: Reload_sshd

tasks/install_service.yml

@@ -12,7 +12,7 @@
         owner: root
         group: root
         mode: "0644"
-      notify: reload_sshd
+      notify: Reload_sshd
 
     - name: Install instanced service unit file
       ansible.builtin.template:
@@ -21,7 +21,7 @@
         owner: root
         group: root
         mode: "0644"
-      notify: reload_sshd
+      notify: Reload_sshd
       when:
         - __sshd_socket_accept | bool
 
@@ -32,7 +32,7 @@
         owner: root
         group: root
         mode: "0644"
-      notify: reload_sshd
+      notify: Reload_sshd
 
 - name: Service enabled and running
   ansible.builtin.service:

tests/tests_all_options.yml

@@ -93,7 +93,7 @@
           | grep -o '^\(     \|       \)[A-Z][A-Za-z0-9]*\(.\|  \)' \
           | grep -v "[A-Za-z0-9] $" | grep -v "[^A-Za-z0-9 ]$" \
           | awk '{ print $1 }' \
-          | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\)$"
+          | grep -v '^$' | grep -v "^\(Match\|OpenSSH\|The\|Arguments\|Theo\|Tatu\|Aaron\)$"
       args:
         executable: /bin/bash
       register: sshd_options

vars/Ubuntu_22.yml

@@ -14,6 +14,7 @@ __sshd_defaults:
   Include: /etc/ssh/sshd_config.d/*.conf
   KbdInteractiveAuthentication: false
   UsePAM: true
+  PrintMotd: false
   AcceptEnv: LANG LC_*
   Subsystem: "sftp  /usr/lib/openssh/sftp-server"
 

vars/Ubuntu_24.yml

@@ -0,0 +1,29 @@
+---
+__sshd_os_supported: true
+
+__sshd_service: ssh
+__sshd_packages:
+  - openssh-server
+  - openssh-sftp-server
+# Ubuntu 22.04 shipped with drop-in directory support so we touch
+# just included file with highest priority by default
+__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+__sshd_config_mode: "0644"
+# the defaults here represent the defaults shipped in the main sshd_config
+__sshd_defaults:
+  Include: /etc/ssh/sshd_config.d/*.conf
+  KbdInteractiveAuthentication: false
+  UsePAM: true
+  PrintMotd: false
+  AcceptEnv: LANG LC_*
+  Subsystem: "sftp  /usr/lib/openssh/sftp-server"
+
+__sshd_runtime_directory: sshd
+
+__sshd_drop_in_dir_mode: '0755'
+__sshd_main_config_file: /etc/ssh/sshd_config
+
+__sshd_environment_file: /etc/default/ssh
+__sshd_environment_variable: $SSHD_OPTS
+__sshd_service_after: auditd.service
+__sshd_service_alias: sshd