From 7e4af01df338f0c76d7a184563fa50aa80023e07 Mon Sep 17 00:00:00 2001
From: Tunui Franken <tfranken@protonmail.com>
Date: Sat, 6 Jul 2024 18:10:12 +0200
Subject: [PATCH] Add sshd_config

---
 roles/common/handlers/main.yml        |  7 +++++++
 roles/common/tasks/main.yml           | 10 ++++++++++
 roles/common/templates/sshd_config.j2 |  4 ++++
 3 files changed, 21 insertions(+)
 create mode 100644 roles/common/handlers/main.yml
 create mode 100644 roles/common/templates/sshd_config.j2

diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644
index 0000000..a5bfd8c
--- /dev/null
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Restart sshd service
+  become: true
+  ansible.builtin.systemd:
+    name: sshd
+    state: restarted
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index cdb5eed..5ac98e7 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -28,3 +28,13 @@
 - name: Setup etckeeper
   ansible.builtin.include_role:
     name: etckeeper
+
+- name: Copy sshd_config
+  become: true
+  ansible.builtin.template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config.d/00-lime2.conf
+    mode: "644"
+    owner: root
+    group: root
+  notify: Restart sshd service
diff --git a/roles/common/templates/sshd_config.j2 b/roles/common/templates/sshd_config.j2
new file mode 100644
index 0000000..f1c1392
--- /dev/null
+++ b/roles/common/templates/sshd_config.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+PermitRootLogin no
+PasswordAuthentication no