feat: Create role

README.md

@@ -1,3 +1,37 @@
-# role_modele
+# role_ssh
 
-Modèle
+Secure SSH configuration and manage SSH port
+
+## inventory.yml
+
+```yaml
+---
+
+all:
+  hosts:
+    host1.ykn.local:
+    host2.ykn.local:
+  children:
+    dnsservers:
+      hosts:
+        dnsmasq1.ykn.local:
+        dnsmasq2.ykn.local:
+```
+
+## host_vars/host1.ykn.local.yml
+
+```yaml
+---
+
+ssh_listen_port: 2201
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- hosts: all
+  roles:
+    - name: ssh
+```

defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# defaults file for ssh
+
+ssh_listen_port: 22
+ssh_permit_root_login: !!str no

handlers/main.yml

@@ -0,0 +1,8 @@
+---
+# handlers file for ssh
+
+- name: Restart ssh.service
+  ansible.builtin.systemd:
+    state: restarted
+    name: sshd.service
+  become: true

meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Rôle modèle
+  description: Secure SSH configuration and manage SSH port
 
   license: GPL-3.0-or-later
 

tasks/main.yml

@@ -0,0 +1,22 @@
+---
+# tasks file for ssh
+
+- name: Deploy security conf
+  ansible.builtin.template:
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+    src: security.conf.j2
+    dest: /etc/ssh/sshd_config.d/security.conf
+  become: true
+  notify: Restart ssh.service
+
+- name: Deploy port conf
+  ansible.builtin.template:
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+    src: port.conf.j2
+    dest: /etc/ssh/sshd_config.d/port.conf
+  become: true
+  notify: Restart ssh.service

templates/port.conf.j2

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+Port {{ ssh_listen_port }}

templates/security.conf.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+PermitRootLogin {{ ssh_permit_root_login }}
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+LoginGraceTime 30
+{{ 'DebianBanner no' if (ansible_facts['distribution'] | lower) == 'debian' }}
+X11Forwarding no
+StrictModes yes