From a8612074d856ce6e8e3f69a72b38a0d209ab010a Mon Sep 17 00:00:00 2001
From: Sheppy <sheppy@atlantishq.de>
Date: Sun, 1 Jan 2023 17:34:56 +0100
Subject: [PATCH] feat: sshd config

---
 playbook.yaml                       |  1 +
 roles/sshd-config/handlers/main.yml |  4 ++++
 roles/sshd-config/tasks/main.yaml   | 14 ++++++++++++++
 3 files changed, 19 insertions(+)
 create mode 100644 roles/sshd-config/handlers/main.yml
 create mode 100644 roles/sshd-config/tasks/main.yaml

diff --git a/playbook.yaml b/playbook.yaml
index 53166e9..3f0ced2 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -3,6 +3,7 @@
   roles:
     - monitoring-client
     - monitoring-logs
+    - sshd-config
 
 - hosts: monitoring
   roles:
diff --git a/roles/sshd-config/handlers/main.yml b/roles/sshd-config/handlers/main.yml
new file mode 100644
index 0000000..a7acba8
--- /dev/null
+++ b/roles/sshd-config/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: reload sshd
+  systemd:
+    name: sshd
+    state: reloaded
diff --git a/roles/sshd-config/tasks/main.yaml b/roles/sshd-config/tasks/main.yaml
new file mode 100644
index 0000000..bb746a7
--- /dev/null
+++ b/roles/sshd-config/tasks/main.yaml
@@ -0,0 +1,14 @@
+- name: SSH Listen Port 7000
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    line: 'Port 7000'
+  notify:
+    - reload sshd
+
+- name: SSH Listen Port 22 (safety)
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#Port 22'
+    line: 'Port 22'
+  notify:
+    - reload sshd