Add SSH configuration

Author: QuLogic

files/sshd_config

@@ -0,0 +1,7 @@
+# Drop-in config for SSH that disables things we don't want.
+
+# Already off by DO initial setup, but be explicit.
+PasswordAuthentication no
+
+# Enabled by 50-redhat.conf, but we don't have any X programs.
+X11Forwarding no

matplotlib.org.yml

@@ -59,7 +59,7 @@
     # Firewall setup
     # ##############
     - name: Setup firewall
-      tags: firewal
+      tags: firewall
       block:
         - name: Enable firewall
           ansible.builtin.systemd:
@@ -68,6 +68,7 @@
             state: started
 
         - name: Allow SSH on firewall
+          tags: ssh
           ansible.posix.firewalld:
             service: ssh
             permanent: true
@@ -91,6 +92,14 @@
             offline: true
             state: enabled
 
+    # SSH configuration
+    # #################
+    - name: Configure SSH
+      tags: ssh
+      ansible.builtin.copy:
+        src: sshd_config
+        dest: /etc/ssh/sshd_config.d/99-matplotlib.conf
+
     # fail2ban setup
     # ##############
     - name: Setup fail2ban