cicd/playbooks/roles/ssh/tasks/main.yml

---
- name: Install SSH
  ansible.builtin.package:
    name:
      - openssh-server

    state: present

- name: Change SSH port
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?Port'
    line: "Port {{ ports.main_ssh_port.port }}"

- name: Secure SSH config
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
    - { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
    - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }

- name: Setup SSH keys
  authorized_key:
    user: "{{ main_user }}"
    key: "{{ main_user_ssh_key }}"

- name: Reload SSH
  service:
    name: ssh
    state: reloaded
    enabled: true
v0.1 2025-07-20 14:53:12 +03:00			`---`
			`- name: Install SSH`
			`ansible.builtin.package:`
			`name:`
			`- openssh-server`

			`state: present`

			`- name: Change SSH port`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?Port'`
			`line: "Port {{ ports.main_ssh_port.port }}"`

			`- name: Secure SSH config`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`loop:`
			`- { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }`
			`- { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }`
			`- { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }`

			`- name: Setup SSH keys`
			`authorized_key:`
			`user: "{{ main_user }}"`
			`key: "{{ main_user_ssh_key }}"`

			`- name: Reload SSH`
			`service:`
			`name: ssh`
			`state: reloaded`
			`enabled: true`