Update to 2024-03-19 12:01

roles/seafile/defaults/main.yml

@@ -11,11 +11,11 @@
 #   MaxUsers = "9"
 #   Mode = "subscription"
 #   etc...
-seafile_version: "{{ seafile_license is defined | ternary('10.0.9','11.0.5') }}"
+seafile_version: "{{ seafile_license is defined | ternary('10.0.9','11.0.6') }}"
 
 # Archive URL and sha256 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
-seafile_archive_sha256: 47d994238519c679969a3c5591063041dc10102a6b1ac0e4d59be069c137225d
+seafile_archive_sha256: 792f5df347c07cba023ce99ca27d4c3bde36660890d34e0a2d54e6ff95a38103
 
 seafile_root_dir: /opt/seafile
 seafile_data_dir: "{{ seafile_root_dir }}/data"

roles/ssh/defaults/main.yml

@@ -71,3 +71,7 @@ sshd_max_conn_per_minute: 0
 # Use DNS. If disabled, kerb auth won't be used (as it uses DNS)
 # You might need to disable it when you need no SSH login delay even if DNS is unavailable
 sshd_use_dns: True
+
+# List of users for which no management of the SSH keys will be done by ansible (they will
+# be able to set their own ~/.ssh/authorized_keys)
+ssh_local_users: []

roles/ssh/tasks/conf.yml

@@ -1,7 +1,10 @@
 ---
 
 - name: Deploy sshd configuration
-  template: src=sshd_config.j2 dest=/etc/ssh/sshd_config
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    validate: sshd -t -f %s
   notify: restart sshd
   tags: ssh
 

roles/ssh/templates/sshd_config.j2

@@ -57,7 +57,7 @@ X11Forwarding no
 Subsystem       sftp    internal-sftp
 
 # Local user are managed separately
-Match User root,ansible,lbkp,zimbra,zfs-recv
+Match User root,ansible,lbkp,zimbra,zfs-recv{% if ssh_local_users | length > 0 %},{{ ssh_local_users | join(',') }}{% endif +%}
   AuthorizedKeysFile /etc/ssh/authorized_keys/%u/authorized_keys %h/.ssh/authorized_keys
 
 {% for user in ssh_users | default([]) %}