refactor: restructured project for higher-utility naming practices and optimized data structures for variables

roles/bootstrap/templates/sshd_config.d/allowance.conf.j2

@@ -0,0 +1,15 @@
+{% if list_type == 'whitelist' %}
+{% if policed_groups is not None and len(policed_groups) > 0 %}
+AllowGroups {{ policed_groups.join(' ') }}
+{% endif %}
+{% if policed_users is not None and len(policed_users) > 0 %}
+AllowUsers {{ policed_users.join(' ') }}
+{% endif %}
+{% else %}
+{% if policed_groups is not None and len(policed_groups) > 0 %}
+DenyGroups {{ policed_groups.join(' ') }}
+{% endif %}
+{% if policed_users is not None and len(policed_users) > 0 %}
+DenyGroups {{ policed_users.join(' ') }}
+{% endif %}
+{% endif %}

roles/bootstrap/templates/sshd_config.d/auth.conf.j2

@@ -0,0 +1,27 @@
+{% if empty_auth_used %}
+PermitEmptyPasswords yes
+{% else %}
+PermitEmptyPasswords no
+{% endif %}
+{% if pass_auth_used %}
+PasswordAuthentication yes
+{% else %}
+PasswordAuthentication no
+{% endif %}
+{% if kbd_auth_used is not None %}
+{% if kbd_auth_used %}
+KbdInteractiveAuthentication yes
+{% else %}
+KbdInteractiveAuthentication no # enable if implementing TOTP 2FA
+{% endif %}
+{% endif %}
+{% if pam_auth_used %}
+UsePAM yes
+{% else %}
+UsePAM no # enable if implementing TOTP 2FA
+{% endif %}
+{% if key_auth_used %}
+PubkeyAuthentication yes
+{% else %}
+PubkeyAuthentication no
+{% endif %}

roles/bootstrap/templates/sshd_config.d/denyroot.conf.j2

@@ -0,0 +1,5 @@
+{% if root_login_allowed %}
+PermitRootLogin yes
+{% else %}
+PermitRootLogin no
+{% endif %}

roles/bootstrap/templates/sshd_config.d/harden.conf.j2

@@ -0,0 +1,2 @@
+ClientAliveInterval {{ client_subsistence }}
+ClientAliveCountMax {{ client_subsist_warn_max }}