COnfigure SSH bastion

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "ansible/files/ssh"]
+	path = ansible/files/ssh
+	url = https://github.com/RealOrangeOne/ansible-ssh-bastion

ansible/.ansible-lint

@@ -2,3 +2,4 @@ skip_list:
   - 305
   - 401
   - 301
+  - 503

ansible/files/ssh

@@ -0,0 +1 @@
+Subproject commit 9f8159f1e6e468b9293e4c00d76aadf18aac6af5

ansible/hosts

@@ -0,0 +1,2 @@
+[casey]
+108.61.221.88

ansible/main.yml

@@ -0,0 +1,8 @@
+- hosts: all
+  tasks:
+    - name: Ping
+      ping:
+
+- hosts: casey
+  roles:
+    - ssh-bastion

ansible/roles/ssh-bastion/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: Define context
+  set_fact:
+    user: jake
+    enable_root: true
+
+- name: SSH config
+  template:
+    src: files/ssh/sshd_config_bastion
+    dest: /etc/ssh/sshd_config
+    validate: /usr/sbin/sshd -t -f %s
+    backup: yes
+  become: true
+  become_user: root
+  register: sshd_config
+
+- name: Restart SSH config
+  service:
+    name: sshd
+    state: reloaded
+  when: sshd_config.changed

ansible/vars.yml

@@ -0,0 +1,2 @@
+user: jake
+enable_root: false

scripts/ansible.sh

@@ -4,4 +4,4 @@ set -e
 
 PATH=env/bin:${PATH}
 
-ansible-playbook -i ansible/hosts ansible/main.yml
+ansible-playbook -i ansible/hosts ansible/main.yml -k -K