From 0135bcd48f2fa864c52f403a1100189fdb550217 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Thu, 12 Dec 2024 16:10:22 +0100
Subject: [PATCH] =?UTF-8?q?chore:=20rename=20=E2=80=B9ssh=E2=80=BA=20group?=
 =?UTF-8?q?=20of=20roles?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Matej Focko
---
 group_vars/desktops/vars | 6 +++---
 host_vars/mountainside/vars | 2 +-
 playbooks/bootstrap.yml | 4 ++--
 roles/{ssh => ssh_client}/files/ssh_config | 0
 roles/{ssh => ssh_client}/files/vssh | 0
 roles/{ssh => ssh_client}/tasks/main.yml | 0
 roles/{sshd => ssh_server}/defaults/main.yml | 10 +++++-----
 roles/{sshd => ssh_server}/files/10-ca.conf | 0
 roles/{sshd => ssh_server}/handlers/main.yml | 0
 roles/{sshd => ssh_server}/tasks/install.yml | 0
 roles/{sshd => ssh_server}/tasks/main.yml | 4 ++--
 roles/{sshd => ssh_server}/tasks/trusted_ca.yml | 0
 roles/ssh_server/templates/10-harden.conf | 8 ++++++++
 .../templates/10-signed-host-key.conf | 0
 roles/sshd/templates/10-harden.conf | 8 --------
 15 files changed, 21 insertions(+), 21 deletions(-)
 rename roles/{ssh => ssh_client}/files/ssh_config (100%)
 rename roles/{ssh => ssh_client}/files/vssh (100%)
 rename roles/{ssh => ssh_client}/tasks/main.yml (100%)
 rename roles/{sshd => ssh_server}/defaults/main.yml (66%)
 rename roles/{sshd => ssh_server}/files/10-ca.conf (100%)
 rename roles/{sshd => ssh_server}/handlers/main.yml (100%)
 rename roles/{sshd => ssh_server}/tasks/install.yml (100%)
 rename roles/{sshd => ssh_server}/tasks/main.yml (95%)
 rename roles/{sshd => ssh_server}/tasks/trusted_ca.yml (100%)
 create mode 100644 roles/ssh_server/templates/10-harden.conf
 rename roles/{sshd => ssh_server}/templates/10-signed-host-key.conf (100%)
 delete mode 100644 roles/sshd/templates/10-harden.conf

diff --git a/group_vars/desktops/vars b/group_vars/desktops/vars
index 3e96827..673bf4e 100644
--- a/group_vars/desktops/vars
+++ b/group_vars/desktops/vars
@@ -1,6 +1,6 @@
-sshd_port: 22
-sshd_sign_host_keys: false
-sshd_auth_password_authentication: "yes"
+ssh_server_port: 22
+ssh_server_sign_host_keys: false
+ssh_server_auth_password_authentication: "yes"
 
 flatpak_apps:
 - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
diff --git a/host_vars/mountainside/vars b/host_vars/mountainside/vars
index df41936..7c572b7 100644
--- a/host_vars/mountainside/vars
+++ b/host_vars/mountainside/vars
@@ -1,4 +1,4 @@
-system_sshd_port: 22022
+ssh_server_port: 22022
 
 certbot_domains:
 - mountainside.mfocko.xyz
diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
index daa9922..c3b38e9 100644
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@@ -32,7 +32,7 @@
 tags: podman
 
 # Install and configure SSH server
- - role: sshd
+ - role: ssh_server
 become: true
 tags: sshd
 
@@ -55,7 +55,7 @@
 tags: git
 
 # Configure ssh
- - role: ssh
+ - role: ssh_client
 tags: ssh
 
 # Set up GPG
diff --git a/roles/ssh/files/ssh_config b/roles/ssh_client/files/ssh_config
similarity index 100%
rename from roles/ssh/files/ssh_config
rename to roles/ssh_client/files/ssh_config
diff --git a/roles/ssh/files/vssh b/roles/ssh_client/files/vssh
similarity index 100%
rename from roles/ssh/files/vssh
rename to roles/ssh_client/files/vssh
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh_client/tasks/main.yml
similarity index 100%
rename from roles/ssh/tasks/main.yml
rename to roles/ssh_client/tasks/main.yml
diff --git a/roles/sshd/defaults/main.yml b/roles/ssh_server/defaults/main.yml
similarity index 66%
rename from roles/sshd/defaults/main.yml
rename to roles/ssh_server/defaults/main.yml
index 402331b..22ab5b8 100644
--- a/roles/sshd/defaults/main.yml
+++ b/roles/ssh_server/defaults/main.yml
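Review bot: The host override in host_vars/mountainside/vars was named `system_sshd_port` before this hunk, which does not share the `sshd_*` prefix of the renamed role's defaults, so it presumably was not read by that role at all; after the rename to `ssh_server_port` the value 22022 overrides the role default `10022` from roles/ssh_server/defaults/main.yml on this host, assuming no other override exists. That moves a remote host's SSH listener to a different port inside a commit titled as a pure rename, and whatever consumed `system_sshd_port` before, if anything, now sees an undefined variable. Either keep the old name next to the new one, `system_sshd_port: 22022`, until its consumer is confirmed gone, or say in the commit message that the port change on mountainside is intended.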
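Review bot: In both playbooks/bootstrap.yml hunks the role names become `ssh_server` and `ssh_client` while the tags stay `sshd` and `ssh`, so `--tags` selections no longer match the role they run. If the old tags are kept on purpose for existing invocations, a comment above each, `# tag kept as ‹sshd› for compatibility with existing --tags usage`, would record that; otherwise rename them together with the roles, `tags: ssh_server` and `tags: ssh_client`.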
@@ -1,15 +1,15 @@
 ---
 # Whether to accept password auth; ‹yes› or ‹no›
-sshd_auth_password_authentication: "no"
+ssh_server_auth_password_authentication: "no"
 
 # Whether to allow ‹root› login; ‹yes› or ‹no›
-sshd_auth_permit_root_login: "no"
+ssh_server_auth_permit_root_login: "no"
 
 # Whether to setup trusted CA (against the HashiCorp Vault instance)
-sshd_auth_trusted_ca: true
+ssh_server_auth_trusted_ca: true
 
 # Default port where the SSH daemon runs; also adjusts the SELinux policy
-sshd_port: 10022
+ssh_server_port: 10022
 
 # [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
-sshd_sign_host_keys: true
+ssh_server_sign_host_keys: true
diff --git a/roles/sshd/files/10-ca.conf b/roles/ssh_server/files/10-ca.conf
similarity index 100%
rename from roles/sshd/files/10-ca.conf
rename to roles/ssh_server/files/10-ca.conf
diff --git a/roles/sshd/handlers/main.yml b/roles/ssh_server/handlers/main.yml
similarity index 100%
rename from roles/sshd/handlers/main.yml
rename to roles/ssh_server/handlers/main.yml
diff --git a/roles/sshd/tasks/install.yml b/roles/ssh_server/tasks/install.yml
similarity index 100%
rename from roles/sshd/tasks/install.yml
rename to roles/ssh_server/tasks/install.yml
diff --git a/roles/sshd/tasks/main.yml b/roles/ssh_server/tasks/main.yml
similarity index 95%
rename from roles/sshd/tasks/main.yml
rename to roles/ssh_server/tasks/main.yml
index 7a94b9c..19b7b73 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/ssh_server/tasks/main.yml
@@ -29,7 +29,7 @@
 
 - name: Notify SELinux about new port
 community.general.seport:
- ports: "{{ sshd_port }}"
+ ports: "{{ ssh_server_port }}"
 proto: "tcp"
 setype: "ssh_port_t"
 state: "present"
@@ -37,7 +37,7 @@
 
 - name: Enable the new SSH port on firewall
 ansible.posix.firewalld:
- port: "{{ sshd_port }}/tcp"
+ port: "{{ ssh_server_port }}/tcp"
 immediate: true
 permanent: true
 state: enabled
diff --git a/roles/sshd/tasks/trusted_ca.yml b/roles/ssh_server/tasks/trusted_ca.yml
similarity index 100%
rename from roles/sshd/tasks/trusted_ca.yml
rename to roles/ssh_server/tasks/trusted_ca.yml
diff --git a/roles/ssh_server/templates/10-harden.conf b/roles/ssh_server/templates/10-harden.conf
new file mode 100644
index 0000000..f47a673
--- /dev/null
+++ b/roles/ssh_server/templates/10-harden.conf
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+# Port
+Port {{ ssh_server_port }}
+
+# Auth
+PermitRootLogin {{ ssh_server_auth_permit_root_login }}
+PasswordAuthentication {{ ssh_server_auth_password_authentication }}
diff --git a/roles/sshd/templates/10-signed-host-key.conf b/roles/ssh_server/templates/10-signed-host-key.conf
similarity index 100%
rename from roles/sshd/templates/10-signed-host-key.conf
rename to roles/ssh_server/templates/10-signed-host-key.conf
diff --git a/roles/sshd/templates/10-harden.conf b/roles/sshd/templates/10-harden.conf
deleted file mode 100644
index d1a8d08..0000000
--- a/roles/sshd/templates/10-harden.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# {{ ansible_managed }}
-
-# Port
-Port {{ sshd_port }}
-
-# Auth
-PermitRootLogin {{ sshd_auth_permit_root_login }}
-PasswordAuthentication {{ sshd_auth_password_authentication }}
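Review bot: `PermitRootLogin` and `PasswordAuthentication` in the new roles/ssh_server/templates/10-harden.conf are rendered verbatim from `ssh_server_auth_*`, and the only thing keeping them valid is that every vars file quotes the value, as the defaults and group_vars/desktops/vars do; an unquoted `no` or `yes` in any inventory file is a YAML boolean that renders as `False`/`True`, which sshd rejects as a bad yes/no argument, so the daemon would fail to restart after the next config change. Normalising in the template removes that dependency on callers' quoting: `PermitRootLogin {{ 'yes' if ssh_server_auth_permit_root_login | bool else 'no' }}` and the same form for `PasswordAuthentication`. If `prohibit-password` should stay expressible for `PermitRootLogin`, an `ansible.builtin.assert` in the role's tasks that the value is one of the sshd keywords is the alternative. The deleted roles/sshd/templates/10-harden.conf had the same shape, so this is pre-existing rather than introduced by the rename.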