From 404f8b3aaefc1fc768f968fa8052119f7fc73ef7 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras
Date: Sun, 13 Aug 2023 22:00:34 +0300
Subject: [PATCH] sshd: remove support for custom ssh.d directory

The same drop-in functionality is now provided by the openssh package via /etc/ssh/sshd_config.d/.
---
 host_vars/aur.archlinux.org/misc | 1 -
 playbooks/tasks/install_arch.yml | 1 -
 roles/aurweb/tasks/main.yml | 2 +-
 roles/sshd/defaults/main.yml | 2 --
 roles/sshd/tasks/main.yml | 4 ----
 roles/sshd/templates/sshd_config.j2 | 4 ----
 6 files changed, 1 insertion(+), 13 deletions(-)
 delete mode 100644 roles/sshd/defaults/main.yml

diff --git a/host_vars/aur.archlinux.org/misc b/host_vars/aur.archlinux.org/misc
index dca530c0..ad7a3de9 100644
--- a/host_vars/aur.archlinux.org/misc
+++ b/host_vars/aur.archlinux.org/misc
@@ -5,6 +5,5 @@ fail2ban_jails:
 dovecot: false
 nginx_limit_req: true
 memcached_socket: "/run/memcached/aurweb.sock"
-sshd_enable_includes: true
 wireguard_address: 10.0.0.2
 wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
diff --git a/playbooks/tasks/install_arch.yml b/playbooks/tasks/install_arch.yml
index 1f9978b0..d04a8763 100644
--- a/playbooks/tasks/install_arch.yml
+++ b/playbooks/tasks/install_arch.yml
@@ -8,4 +8,3 @@
 - install_arch
 vars:
 - bootstrap_version: "latest"
- - sshd_enable_includes: false
diff --git a/roles/aurweb/tasks/main.yml b/roles/aurweb/tasks/main.yml
index 28a2f4aa..a7e11815 100644
--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -317,7 +317,7 @@
 become_user: "{{ aurweb_user }}"
 - name: Configure sshd
- template: src=aurweb_config.j2 dest={{ sshd_includes_dir }}/aurweb_config owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
+ template: src=aurweb_config.j2 dest=/etc/ssh/sshd_config.d/aurweb.conf owner=root group=root mode=0600 validate='/usr/sbin/sshd -t -f %s'
 notify:
 - Restart sshd
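Review bot: The new `dest=/etc/ssh/sshd_config.d/aurweb.conf` only takes effect if the sshd_config rendered from roles/sshd/templates/sshd_config.j2 contains `Include /etc/ssh/sshd_config.d/*.conf`, and this patch removes the template's only visible Include without showing a replacement. If the template lacks that line, the aurweb sshd settings are silently skipped while `validate='/usr/sbin/sshd -t -f %s'` still passes, because it parses the fragment on its own rather than the effective configuration. Worth confirming the directive is present in the template and where it sits, since sshd keeps the first value it obtains for each keyword and the old Include was near the end of the file. The previously deployed /etc/ssh/ssh.d/aurweb_config is also left behind; a cleanup task such as `file: path=/etc/ssh/ssh.d state=absent` would avoid a stale copy.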
diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml
deleted file mode 100644
index b50e991b..00000000
--- a/roles/sshd/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-sshd_includes_dir: '/etc/ssh/ssh.d'
-sshd_enable_includes: false
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 1b05d296..37f9b63e 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -9,10 +9,6 @@
 - name: Install motd
 template: src=motd.j2 dest=/etc/motd owner=root group=root mode=0644
-- name: Create the includes dir
- file: path="{{ sshd_includes_dir }}" state=directory mode=0755
- when: sshd_enable_includes
-
 - name: Start and enable sshd
 service: name=sshd enabled=yes state=started
diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2
index f06e3542..ba5fa195 100644
--- a/roles/sshd/templates/sshd_config.j2
+++ b/roles/sshd/templates/sshd_config.j2
@@ -117,10 +117,6 @@ Subsystem sftp /usr/lib/ssh/sftp-server
 # unlink forwarded sockets; for gpg agent forwarding
 StreamLocalBindUnlink yes
-{% if sshd_enable_includes %}
-Include {{ sshd_includes_dir }}/*
-{% endif -%}
-
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 # X11Forwarding no