fix: order Ubuntu releases by name

willshersystems · Jun 13, 2024 · 003a20a · 003a20a
1 parent 34892fa
commit 003a20a
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 9 deletions.
diff --git a/meta/main.yml b/meta/main.yml
@@ -18,13 +18,13 @@ galaxy_info:
         - bookworm
     - name: Ubuntu
       versions:
+        - precise
+        - trusty
+        - xenial
         - bionic
         - focal
         - jammy
         - noble
-        - precise
-        - trusty
-        - xenial
     - name: FreeBSD
       versions:
         - "10.1"

diff --git a/templates/sshd.socket.j2 b/templates/sshd.socket.j2
@@ -14,12 +14,12 @@ Accept=yes
 {% else %}
 Accept=no
 {% endif %}
-{% if ansible_facts["distribution"]=="Ubuntu" and ansible_facts["distribution_version"] is version('24.04', '>=') %}
-FreeBind=yes
+{% if __sshd_socket_freebind %}
+FreeBind={{ __sshd_socket_freebind }}
 {% endif %}
 
 [Install]
 WantedBy=sockets.target
-{% if ansible_facts["distribution"]=="Ubuntu" and ansible_facts["distribution_version"] is version('24.04', '>=') %}
+{% if __ssh_socket_required_by %}
 RequiredBy=ssh.service
 {% endif %}
diff --git a/tests/tests_systemd_services.yml b/tests/tests_systemd_services.yml
@@ -94,7 +94,6 @@
         #  * I do not think the ConditionPathExists is much useful so skipping on Ubuntu
         #  * Before= does not make any sense in combination with Conflicts=
         #  * I do not think the Description needs to match verbatim either
-        #  * Accept varies in the default file between Ubuntu versions and is explicit anyway
         - name: Construct the options list from old socket file
           ansible.builtin.set_fact:
             __sshd_socket_list: "{{ __sshd_socket_list + [item] }}"
@@ -103,7 +102,6 @@
             - not item.startswith("ConditionPathExists=")
             - not item.startswith("Before=")
             - not item.startswith("Description=")
-            - not item.startswith("Accept=")
           loop:
             "{{ socket_old.splitlines() }}"
 
@@ -120,7 +118,7 @@
         - ansible_facts['service_mgr'] == 'systemd' or
           (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7')
         - ansible_facts['distribution'] != "Debian" or ansible_facts['distribution_major_version'] | int < 12
-        - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.socket in the package
+        - not (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_version'] is version('24.04', '>=')) # 24.04 has no sshd@.service in the package
       block:
         - name: Read the distribution instantiated service file
           ansible.builtin.slurp:

diff --git a/vars/Ubuntu_24.yml b/vars/Ubuntu_24.yml
@@ -27,3 +27,6 @@ __sshd_environment_file: /etc/default/ssh
 __sshd_environment_variable: $SSHD_OPTS
 __sshd_service_after: auditd.service
 __sshd_service_alias: sshd
+
+__sshd_socket_freebind: "yes"
+__sshd_socket_required_by: ssh.service
diff --git a/vars/main.yml b/vars/main.yml
@@ -87,3 +87,9 @@ __sshd_service_restart_timeout: ~
 
 # The systemd socket file does not accept the connection
 __sshd_socket_accept: true
+
+# Boolean to control if the systemd socket can be bound to non-local IP addresses
+__sshd_socket_freebind: ~
+
+# Space separated list of service names that this socket is required by
+__sshd_socket_required_by: ~