v0.1

playbooks/roles/ssh/README.md

@@ -0,0 +1,40 @@
+SSH
+=========
+
+This role for install if necessary and configure SSH
+
+Requirements
+------------
+
+Role Variables
+--------------
+
+- main_ssh_port
+- main_user
+- main_user_ssh_key
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set
+for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for
+users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

playbooks/roles/ssh/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for ssh

playbooks/roles/ssh/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Reload SSH
+  ansible.builtin.service:
+    name: ssh
+    state: reloaded
+    enabled: true

playbooks/roles/ssh/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

playbooks/roles/ssh/tasks/SSH-playbook.yaml.examples

@@ -0,0 +1,51 @@
+---
+- name: Configure SSH
+  hosts: main_server
+  become: yes
+  tasks:
+    - name: Change SSH port
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?Port'
+        line: "Port {{ main_ssh_port }}"
+
+    - name: Secure SSH config
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: "^{{ item.regexp }}"
+        line: "{{ item.line }}"
+      loop:
+        - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
+        - { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
+        - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
+
+    - name: Setup SSH keys
+      authorized_key:
+        user: "{{ item }}"
+        state: present
+        key: "{{ user_ssh_key }}"
+      loop:
+        - "{{ ansible_user }}"
+        - "{{ new_user}}"
+
+    - name: Reload SSH
+      service:
+        name: ssh
+        state: reloaded
+
+    - name: Ensure SSH service is running
+      ansible.builtin.service:
+        name: ssh
+        state: restarted
+        enabled: true
+
+    - name: Check if SSH is listening on the correct port
+      become: yes
+      shell: "ss -tulpn | grep :{{ main_ssh_port }}"
+      register: ssh_port_check
+
+    - name: show SSH port
+      debug:
+        var: ssh_port_check.stdout
+
+

playbooks/roles/ssh/tasks/main.yml

@@ -0,0 +1,34 @@
+---
+- name: Install SSH
+  ansible.builtin.package:
+    name:
+      - openssh-server
+
+    state: present
+
+- name: Change SSH port
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?Port'
+    line: "Port {{ ports.main_ssh_port.port }}"
+
+- name: Secure SSH config
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^{{ item.regexp }}"
+    line: "{{ item.line }}"
+  loop:
+    - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
+    - { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
+    - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
+
+- name: Setup SSH keys
+  authorized_key:
+    user: "{{ main_user }}"
+    key: "{{ main_user_ssh_key }}"
+
+- name: Reload SSH
+  service:
+    name: ssh
+    state: reloaded
+    enabled: true

playbooks/roles/ssh/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - ssh

playbooks/roles/ssh/vars/main.yml

@@ -0,0 +1,3 @@
+---
+main_ssh_port: 22
+user_ssh_key: ~/.ssh/id_ed25519