feat: initial commit

2025-06-02 14:55:56 +01:00 · 2025-06-02 14:55:56 +01:00 · 072a1ed764
commit 072a1ed764
36 changed files with 1089 additions and 0 deletions
--- a/roles/system_baseline/tasks/sshd.yml
+++ b/roles/system_baseline/tasks/sshd.yml
@ -0,0 +1,24 @@
+---
+- name: sshd PermitRootLogin=no
+  lineinfile:
+    dest: "/etc/ssh/sshd_config"
+    regexp: "^#?\\w*PermitRootLogin"
+    line: "PermitRootLogin no"
+    state: present
+  become: true
+  notify: "reload sshd"
+
+- name: sshd PasswordAuthentication=no
+  lineinfile:
+    dest: "/etc/ssh/sshd_config"
+    regexp: "^#?\\w*PasswordAuthentication"
+    line: "PasswordAuthentication no"
+    state: present
+  become: true
+  notify: "reload sshd"
+
+- name: retrieve ssh host key
+  fetch:
+    src: "/etc/ssh/ssh_host_ed25519_key.pub"
+    dest: "files/ssh_host_keys/{{ inventory_hostname }}_ed25519.pub"
+    flat: yes