Clean Code

01-old/ansible/roles/bastion/tasks/sshd_config.yml

@@ -0,0 +1,30 @@
+---
+- name: Configure ssh root login to {{sshrootlogin}}
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: '^(#)?PermitRootLogin.*'
+    line: 'PermitRootLogin {{sshrootlogin}}'
+    insertbefore: '^Match.*'
+    state: present
+    owner: root
+    group: root
+    mode: 0640
+  notify: restart sshd
+
+- name: SSH Listen on Main Port
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    insertbefore: '^#*AddressFamily'
+    line: 'Port {{sshmainport}}'
+    state: present
+    owner: root
+    group: root
+    mode: 0640
+  notify: restart sshd
+
+- name: "Setting sshd allow users"
+  template:
+    src: allow_users.j2
+    dest: "/etc/ssh/sshd_config.d/allow_users.conf"
+  notify: restart sshd
+