#SPDX-License-Identifier: MIT-0
---
# tasks file for roles/init-vps
- name: Acquiring current user
  when: ansible_facts["system"] == "Linux"
  ansible.builtin.shell:
    cmd: "echo {{ ansible_user }}"
  register: current_user
- name: Checking whether administrative login used
  when: ansible_user not in (admins | map(attribute="username") | list) and ansible_user != "root"
  ansible.builtin.fail:
    msg: Must use administrative user for subsequent tasks
- name: Hardening SSH service
  become: true
  ansible.builtin.copy:
    src: sshd_config.d/harden.conf
    dest: /etc/ssh/sshd_config.d/harden.conf
    owner: root
    group: root
    mode: "644"
    force: true
    backup: true
    validate: 'sshd -t -f %s'
  register: ssh_hardened