From 3b040fac09eb158caf963d7c956610f99f8e0c17 Mon Sep 17 00:00:00 2001
From: Johannes Stoelp <johannes.stoelp@gmail.com>
Date: Mon, 5 Dec 2022 21:42:17 +0100
Subject: initial ansible setup

---
 roles/sshd/handlers/main.yml |  6 ++++++
 roles/sshd/tasks/main.yml    | 13 +++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 roles/sshd/handlers/main.yml
 create mode 100644 roles/sshd/tasks/main.yml

(limited to 'roles/sshd')

diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml
new file mode 100644
index 0000000..429dd83
--- /dev/null
+++ b/roles/sshd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart sshd
+  become: True
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
\ No newline at end of file
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
new file mode 100644
index 0000000..c4dd9ea
--- /dev/null
+++ b/roles/sshd/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Configure sshd
+  become: True
+  lineinfile:
+    dest: "/etc/ssh/sshd_config"
+    regexp: "{{ item.regex }}"
+    line: "{{ item.line }}"
+  notify: Restart sshd
+  loop:
+    - { regex: '^(#\s*)?PermitEmptyPasswords'  , line: 'PermitEmptyPasswords no' }
+    - { regex: '^(#\s*)?PermitRootLogin'       , line: 'PermitRootLogin no' }
+    - { regex: '^(#\s*)?PasswordAuthentication', line: 'PasswordAuthentication no' }
+    - { regex: '^(#\s*)?UsePAM'                , line: 'UsePAM yes' }
\ No newline at end of file
-- 
cgit v1.2.3