From 019ce6ca7ca0be473299d7e42215b7bd136d0c04 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Mon, 16 Sep 2024 10:23:43 +0200
Subject: [PATCH] fix: add task to set seport accordingly

---
 tasks/ssh_default.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tasks/ssh_default.yml b/tasks/ssh_default.yml
index 1e07e65..272eb6d 100644
--- a/tasks/ssh_default.yml
+++ b/tasks/ssh_default.yml
@@ -41,3 +41,13 @@
     group: root
     mode: "0640"
   when: ('crypto-policies' in ansible_facts.packages)
+
+- name: Ensure seport matches sshd config
+  seport:
+    ports: "{{ sshd_port }}"
+    proto: "tcp"
+    setype: "ssh_port_t"
+    state: "present"
+  when:
+    - ansible_selinux is defined
+    - ansible_selinux.status == "enabled"