From 4d1f313e6f698e4dbe23090da0720e5445de217f Mon Sep 17 00:00:00 2001
From: Sebastian Trebitz <sebastian@nephosolutions.com>
Date: Fri, 27 Mar 2020 22:56:23 +0100
Subject: [PATCH] Conditionally disable configuring SSHd

Closes nephosolutions/ansible-role-sftp-server#4
---
 README.md         | 2 ++
 defaults/main.yml | 1 +
 tasks/main.yml    | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 13f06c8..1f8f7e4 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,8 @@ The following role variables are relevant:
   * `skeleton`: An optional home skeleton directory (e.g: /dev/null). Default to system defaults.
   * `home`: An optional home directory (e.g: /home/bob). Default to `sftp_home_partition/name`.
 * `sftp_nologin_shell`: The "nologin" user shell. (defaults to /sbin/nologin.)
+* `sftp_home_skeleton`: An optional home skeleton directory (e.g: /dev/null). Default to system defaults.
+* `sftp_configure_sshd`: Boolean indicating if sshd configuration should be altered. Defaults to `true`. 
 
 Notes:
 
diff --git a/defaults/main.yml b/defaults/main.yml
index ef6e45d..976490d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,3 +7,4 @@ sftp_allow_passwords: False
 sftp_enable_selinux_support: False
 sftp_enable_logging: False
 sftp_nologin_shell: /sbin/nologin
+sftp_configure_sshd: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 0c9aa6e..08423e7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,6 +21,7 @@
     line: "Subsystem sftp internal-sftp -f AUTH -l VERBOSE"
     state: present
   notify: SFTP-Server | Restart sshd
+  when: sftp_configure_sshd
 
 - name: SFTP-Server | Ensure SELinux management package is present
   package:
@@ -51,6 +52,7 @@
           ForceCommand internal-sftp {{ sftp_enable_logging | ternary('-l VERBOSE', '') }} {{ (sftp_start_directory in sftp_directories or sftp_start_directory in sftp_directories | selectattr("name", "defined") | map(attribute='name') | list) | ternary('-d /' + sftp_start_directory, '') }}
           PasswordAuthentication {{ sftp_allow_passwords | ternary('yes', 'no') }}
   notify: SFTP-Server | Restart sshd
+  when: sftp_configure_sshd
 
 - name: SFTP-Server | Create sftp user's group
   group: