Feat: add ssh role

roles/ssh/tasks/debian.yml

@@ -0,0 +1,5 @@
+---
+- name: Debian - Install ssh
+  apt:
+    name: openssh-server
+    state: present

roles/ssh/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+# tasks file for core
+- name: Install os-specific packages
+  include_tasks: "{{ ansible_os_family | lower }}.yml"
+
+- name: Add identity key to authorized keys on host
+  authorized_key:
+    user: "{{ ssh_target_user }}"
+    key: "{{ ssh_publickey }}"
+  register: add_identity_key
+  when: ssh_target_user is defined and ssh_publickey is defined
+
+- name: Disable empty password login
+  lineinfile:
+    dest: "{{ sshd_configfilename }}"
+    regexp: '^#?PermitEmptyPasswords'
+    line: 'PermitEmptyPasswords no'
+  notify: restart sshd
+
+- name: Disable remote root login
+  lineinfile:
+    dest: "{{ sshd_configfilename }}"
+    regexp: '^#?PermitRootLogin'
+    line: 'PermitRootLogin no'
+  notify: restart sshd
+
+- name: Disable password login
+  lineinfile:
+    dest: "{{ sshd_configfilename }}"
+    regexp: '^(#\s*)?PasswordAuthentication '
+    line: 'PasswordAuthentication no'
+  when:
+    - add_identity_key is succeeded
+    - not add_identity_key is skipped
+  notify: restart sshd