[FIX] sshd_config broken with root only and centos sftp

tasks/borgbackup.yml

@@ -10,7 +10,12 @@
   with_first_found:
     - "borgbackup-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml"
     - "borgbackup-{{ ansible_distribution }}.yml"
-    - "borgbackup-{{ ansible_os_family }}.yml"
+    - "borgbackup-{{ (override_os_family is defined) | ternary(override_os_family,ansible_os_family) }}.yml"
+  ignore_errors: true
+  when:
+    - borgbackup_passphrase is defined
+    - borgbackup_repo is defined
+    - borgbackup_hostname is defined
 
 # copy backup script and enable cronjob
 - name: borgbackup - Copy Borgbackup script

tasks/cronmails-Centos.yml

@@ -9,5 +9,34 @@
     state: present
   vars:
     packages:
-      - exim4
-      - mailutils
+      - exim
+
+# Configure exim
+- name: cronmails - Create exim config folder
+  become: yes
+  file:
+    path: /etc/exim
+    state: directory
+# TODO: exim config works quite differently on CentOS compared to Debian!!!
+# # - name: cronmails - Copy exim config template
+# #   become: yes
+# #   copy:
+# #     src: "{{ role_path }}/files/exim4.conf.template"
+# #     dest: /etc/exim/exim.conf.template
+# #   register: cronmails_conftmp_update
+# # - name: cronmails - Copy exim config file
+# #   become: yes
+# #   template:
+# #     src: "{{ role_path }}/templates/update-exim4.conf.conf"
+# #     dest: /etc/exim/update-exim.conf.conf
+# #   register: cronmails_conffile_update
+# # - name: cronmails - Run update-exim.conf
+# #   become: yes
+# #   shell: "update-exim.conf"
+# #   when: cronmails_conftmp_update.changed or cronmails_conffile_update.changed
+# - name: cronmails - Enable and start exim
+#   become: yes
+#   service:
+#     name: exim
+#     state: started
+#     enabled: yes

tasks/cronmails-Debian.yml

@@ -11,3 +11,32 @@
     packages:
       - exim4
       - mailutils
+
+# Configure exim
+- name: cronmails - Create exim4 config folder
+  become: yes
+  file:
+    path: /etc/exim4
+    state: directory
+- name: cronmails - Copy exim4 config template
+  become: yes
+  copy:
+    src: "{{ role_path }}/files/exim4.conf.template"
+    dest: /etc/exim4/exim4.conf.template
+  register: cronmails_conftmp_update
+- name: cronmails - Copy exim4 config file
+  become: yes
+  template:
+    src: "{{ role_path }}/templates/update-exim4.conf.conf"
+    dest: /etc/exim4/update-exim4.conf.conf
+  register: cronmails_conffile_update
+- name: cronmails - Run update-exim4.conf
+  become: yes
+  shell: "update-exim4.conf"
+  when: cronmails_conftmp_update.changed or cronmails_conffile_update.changed
+- name: cronmails - Enable and start exim4
+  become: yes
+  service:
+    name: exim4
+    state: started
+    enabled: yes

tasks/cronmails.yml

@@ -7,36 +7,7 @@
   with_first_found:
     - "cronmails-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml"
     - "cronmails-{{ ansible_distribution }}.yml"
-    - "cronmails-{{ ansible_os_family }}.yml"
-
-# Configure exim
-- name: cronmails - Create exim4 config folder
-  become: yes
-  file:
-    path: /etc/exim4
-    state: directory
-- name: cronmails - Copy exim4 config template
-  become: yes
-  copy:
-    src: "{{ role_path }}/files/exim4.conf.template"
-    dest: /etc/exim4/exim4.conf.template
-  register: cronmails_conftmp_update
-- name: cronmails - Copy exim4 config file
-  become: yes
-  template:
-    src: "{{ role_path }}/templates/update-exim4.conf.conf"
-    dest: /etc/exim4/update-exim4.conf.conf
-  register: cronmails_conffile_update
-- name: cronmails - Run update-exim4.conf
-  become: yes
-  shell: "update-exim4.conf"
-  when: cronmails_conftmp_update.changed or cronmails_conffile_update.changed
-- name: cronmails - Enable and start exim4
-  become: yes
-  service:
-    name: exim4
-    state: started
-    enabled: yes
+    - "cronmails-{{ (override_os_family is defined) | ternary(override_os_family,ansible_os_family) }}.yml"
 
 # Set crobjob env variables/ settings
 - name: cronmails - Crontab set path

tasks/setup.yml

@@ -4,8 +4,8 @@
 # SSH
 - name: setup - Copy sshd_config
   become: yes
-  copy:
-    src: "{{ role_path }}/files/sshd_config"
+  template:
+    src: "{{ role_path }}/templates/sshd_config.j2"
     dest: "/etc/ssh/sshd_config"
     backup: yes
   notify:

tasks/telegraf-Centos.yml

@@ -5,11 +5,11 @@
   become: yes
   yum_repository:
     name: influxdb
-    description: "InfluxDB Repository - RHEL \$releasever"
-    baseurl: "https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable"
+    description: InfluxDB Repository
+    baseurl: https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable
     enabled: yes
     gpgcheck: yes
-    gpgkey: "https://repos.influxdata.com/influxdb.key"
+    gpgkey: https://repos.influxdata.com/influxdb.key
 - name: telegraf - Install telegraf
   become: yes
   yum:

tasks/telegraf.yml

@@ -7,7 +7,7 @@
   with_first_found:
     - "telegraf-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml"
     - "telegraf-{{ ansible_distribution }}.yml"
-    - "telegraf-{{ ansible_os_family }}.yml"
+    - "telegraf-{{ (override_os_family is defined) | ternary(override_os_family,ansible_os_family) }}.yml"
 
 # Configure
 - name: telegraf - Copy telegraf config

templates/sshd_config.j2

@@ -18,7 +18,11 @@ LogLevel VERBOSE
 
 # Authentication:
 #LoginGraceTime 2m
+{% if 'root' == ansible_user_id %}
+PermitRootLogin yes
+{% else %}
 PermitRootLogin no
+{% endif %}
 #StrictModes yes
 MaxAuthTries 2
 MaxSessions 2
@@ -59,7 +63,11 @@ UseDNS no
 AcceptEnv LANG LC_*
 
 # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
+{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %}
+Subsystem sftp  /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
+{% else %}
 Subsystem sftp  /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
+{% endif %}
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs