From 70653134408ddce0552ae4a07f8f9acf739517ef Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 10 Jun 2024 14:01:02 +0200
Subject: [PATCH] Update to 2024-06-10 14:01

---
 roles/ssh/defaults/main.yml | 3 +++
 roles/ssh/templates/sshd_config.j2 | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/roles/ssh/defaults/main.yml b/roles/ssh/defaults/main.yml
index 320898f..2964f54 100644
--- a/roles/ssh/defaults/main.yml
+++ b/roles/ssh/defaults/main.yml
@@ -75,3 +75,6 @@ sshd_use_dns: True
 # List of users for which no management of the SSH keys will be done by ansible (they will
 # be able to set their own ~/.ssh/authorized_keys)
 ssh_local_users: []
+
+# Optional list of custom sshd_config options
+sshd_custom_options: {}
diff --git a/roles/ssh/templates/sshd_config.j2 b/roles/ssh/templates/sshd_config.j2
index a3db0c4..3ee2de8 100644
--- a/roles/ssh/templates/sshd_config.j2
+++ b/roles/ssh/templates/sshd_config.j2
@@ -56,6 +56,10 @@ AcceptEnv LC_PVE_*
 X11Forwarding no
 Subsystem sftp internal-sftp
 
+{% for directive in sshd_custom_options.keys() | list %}
+{{ directive }} {{ sshd_custom_options[directive] }}
+{% endfor %}
+
 # Local user are managed separately
 Match User root,ansible,lbkp,zimbra,zfs-recv{% if ssh_local_users | length > 0 %},{{ ssh_local_users | join(',') }}{% endif +%}
 AuthorizedKeysFile /etc/ssh/authorized_keys/%u/authorized_keys %h/.ssh/authorized_keys
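Review bot: The comment on `sshd_custom_options` calls it a list, but the default is `{}` and the template hunk in roles/ssh/templates/sshd_config.j2 reads it with `.keys()`, so a user who follows the comment and supplies a YAML list will break template rendering. The comment should name the expected shape, for example `# Optional dict of extra sshd_config options, keyword: value (e.g. ClientAliveInterval: 300)`.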
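Review bot: The added loop prints each `sshd_custom_options` value through plain string conversion, so a YAML boolean would render as `True`/`False` rather than the `yes`/`no` sshd documents, and a list would render as its Python repr; either can produce a config sshd rejects on the next restart. Iterating the items and normalising booleans avoids that: `{% for directive, value in sshd_custom_options.items() %}` followed by `{{ directive }} {{ value | ternary('yes', 'no') if value is boolean else value }}`. Since sshd uses the first value it reads for most keywords, an entry repeating a keyword already set higher in this template (such as `X11Forwarding`) is silently ignored; a template comment along the lines of `# sshd keeps the first value per keyword: options set above cannot be overridden here` would spare operators from assuming an override took effect. The task that deploys this template is outside the diff, so it is worth confirming it validates the rendered file (e.g. `validate: sshd -t -f %s`) before replacing the live config.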