From 22ba6cecc6bdc370f36ea2a71077aa3f8a9e2f67 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 4 Sep 2022 10:04:27 +0300
Subject: fix: drop adding hostname to /etc/hosts as an alias for 127.0.0.1
It doesn't seem to serve any useful purpose, but it bothers a Puomi router then servers 127.0.0.1 as its own address to its DHCP clients.
Sponsored-by: author
---
 roles/sshd/tasks/main.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'roles/sshd/tasks/main.yml')
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index e601969..3855e30 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -32,6 +32,30 @@
 dest: /etc/ssh/sshd_config.d/host_id.conf
 notify: sshd_restart
 
+- name: "Remove old host key settings from /etc/ssh/sshd_config"
+ when: sshd_host_key is defined and sshd_host_cert is defined
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: absent
+ regex: "(?i)hostkey"
+ notify: sshd_restart
+
+- name: "Remove old host cert settings from /etc/ssh/sshd_config"
+ when: sshd_host_key is defined and sshd_host_cert is defined
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: absent
+ regex: "(?i)hostcertificate"
+ notify: sshd_restart
+
+- name: "Remove old user CA settings from /etc/ssh/sshd_config"
+ when: sshd_host_key is defined and sshd_host_cert is defined
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: absent
+ regex: "(?i)trustedusercakeys"
+ notify: sshd_restart
+
 - name: "Remove obsolete SSH host keys and certificates"
 when: sshd_host_key is defined and sshd_host_cert is defined
 shell: |
--
cgit v1.2.1
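Review bot: The three `regex` patterns in the added `lineinfile` tasks are unanchored, so `(?i)hostkey` also deletes `HostKeyAlgorithms` and `HostKeyAgent` lines from /etc/ssh/sshd_config, silently reverting any algorithm restriction an administrator had set there. Anchor each pattern to the keyword it targets, e.g. `regex: '(?i)^\s*hostkey[\s=]'`, and likewise for `hostcertificate` and `trustedusercakeys`. The `TrustedUserCAKeys` removal is gated only on `sshd_host_key` and `sshd_host_cert`; if the role does not write the user CA setting to a drop-in under that same condition (not visible in this hunk), certificate-based logins would stop working after the restart, so that task probably wants its own `when`. Adding `validate: 'sshd -t -f %s'` to each task would keep an unparsable config from being written before `sshd_restart` fires.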