initial commit

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+  "files.associations": {
+    "*.yml": "ansible"
+  }
+}

defaults/main.yml

@@ -0,0 +1,3 @@
+ssh_port: "22"
+ssh_password_authentication: "no"
+ssh_permit_root_login: "no"

handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart sshd
+  ansible.builtin.service:
+    name: "{{ ssh_service }}"
+    state: restarted

meta/main.yml

@@ -0,0 +1 @@
+dependencies: []

tasks/Arch.yml

@@ -0,0 +1,13 @@
+- name: Ensure package is installed.
+  ansible.builtin.package:
+    name: openssh
+    state: present
+
+- set_fact:
+    ssh_service: sshd
+
+- name: Enable service.
+  ansible.builtin.service:
+    name: "{{ ssh_service }}"
+    enabled: true
+    state: started

tasks/Debian.yml

@@ -0,0 +1,13 @@
+- name: Ensure package is installed.
+  ansible.builtin.package:
+    name: ssh
+    state: present
+
+- set_fact:
+    ssh_service: sshd
+
+- name: Enable service.
+  ansible.builtin.service:
+    name: "{{ ssh_service }}"
+    enabled: true
+    state: started

tasks/Raspbian.yml

@@ -0,0 +1,13 @@
+- name: Ensure package is installed.
+  ansible.builtin.package:
+    name: ssh
+    state: present
+
+- set_fact:
+    ssh_service: sshd
+
+- name: Enable service.
+  ansible.builtin.service:
+    name: "{{ ssh_service }}"
+    enabled: true
+    state: started

tasks/main.yml

@@ -0,0 +1,17 @@
+- ansible.builtin.include_tasks: "{{ ansible_lsb['id'] }}.yml"
+
+- name: Ensure sshd_config is setup.
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    validate: "/usr/sbin/sshd -T -f %s"
+  with_items:
+    - regexp: "^#?PasswordAuthentication"
+      line: "PasswordAuthentication {{ ssh_password_authentication }}"
+    - regexp: "^#?PermitRootLogin"
+      line: "PermitRootLogin {{ ssh_permit_root_login }}"
+    - regexp: "^#?Port"
+      line: "Port {{ ssh_port }}"
+  notify:
+    - restart sshd