README.md

@@ -30,8 +30,6 @@ ensure_ansible_version: 2.10.3
 enable_sudo: yes
 # Allow passwordless sudo (applied to group wheel)
 enable_passwordless_sudo: yes
-# Skip provisioning of the firewall
-skip_firewall: no
 ```
 
 Dependencies

defaults/main.yml

@@ -18,10 +18,3 @@ ensure_ansible_version: 2.10.3
 enable_sudo: yes
 # Allow passwordless sudo (applied to group wheel)
 enable_passwordless_sudo: yes
-# Allow root to connect through SSH
-enable_ssh_for_root: yes
-# Allow root to connect only using public key authentication, no password
-enable_ssh_for_root_prohibit_password: no
-# Skip provisioning of the firewall
-skip_firewall: no
-authorized_keys_are_exclusive: false # Be careful, this will delete non-Ansible-managed authorized keys from the target!

handlers/main.yml

@@ -1,7 +1,2 @@
 ---
 # handlers file for common
-- name: Restart SSH
-  ansible.builtin.service:
-    name: ssh
-    state: restarted
-  become: true

tasks/main.yml

@@ -12,13 +12,10 @@
   import_role:
     name: geerlingguy.firewall
   tags: firewall
-  when: not skip_firewall
 
 - include: locales-debian.yml
   become: true
-  when:
+  when: ansible_facts['os_family'] == 'Debian'
-    - ansible_facts['os_family'] == 'Debian'
-    - not ansible_is_chroot
 
 - include: users.yml
   become: true

tasks/users.yml

@@ -11,14 +11,6 @@
     groups: users
   with_items: "{{ users }}"
 
-- name: 'Add docker users'
-  user:
-    name: "{{ item }}"
-    groups: docker
-    append: yes
-  with_items: "{{ docker_users }}"
-  when: docker_users | count
-
 - block:
     - name: 'Ensure that sudo group is existing'
       group:
@@ -52,9 +44,8 @@
     user: "{{ item }}"
     state: present
     key: "{{ lookup('file', 'public_keys/id_{{ item }}.pub') }}"
-    exclusive: "{{ authorized_keys_are_exclusive | bool }}"
   with_items: "{{ users }}"
-  ignore_errors: true
+  ignore_errors: yes
 
 - block:
     - name: 'Ensure that wheel group is existing'
@@ -80,38 +71,6 @@
         files:
           - /etc/sudoers
           - /usr/local/etc/sudoers # e.g. FreeBSD
-
-    - name: 'Disable SSH for root'
-      lineinfile:
-        dest: "/etc/ssh/sshd_config"
-        state: present
-        regexp: '^#?\s*PermitRootLogin'
-        line: 'PermitRootLogin No'
-      notify: Restart SSH
-      when:
-        - enable_ssh_for_root | bool == false
-    
-    - name: 'Enable SSH for root through password or key'
-      lineinfile:
-        dest: "/etc/ssh/sshd_config"
-        state: present
-        regexp: '^#?\s*PermitRootLogin'
-        line: 'PermitRootLogin Yes'
-      notify: Restart SSH
-      when:
-        - enable_ssh_for_root | bool == true
-        - enable_ssh_for_root_prohibit_password | bool == false
-    
-    - name: 'Enable SSH for root through key only'
-      lineinfile:
-        dest: "/etc/ssh/sshd_config"
-        state: present
-        regexp: '^#?\s*PermitRootLogin'
-        line: 'PermitRootLogin prohibit-password'
-      notify: Restart SSH
-      when:
-        - enable_ssh_for_root | bool == true
-        - enable_ssh_for_root_prohibit_password | bool == true
   when:
     - enable_sudo
     - enable_passwordless_sudo