fix: don't nest vars to improve UX

Signed-off-by: Matej Focko <me@mfocko.xyz>

inventory/desktops.yml

@@ -7,24 +7,17 @@ desktops:
     ohm:
 
   vars:
-    sshd:
+    sshd_port: 22
-      port: 22
+    sshd_sign_host_keys: false
+    sshd_auth_password_authentication: "yes"
 
-      auth:
+    flatpak_apps:
-        permit_root_login: "no"
+      - com.chatterino.chatterino
-        password_authentication: "yes"
+      - com.discordapp.Discord
-        trusted_ca: true
+      - com.spotify.Client
-
+      # - net.ankiweb.Anki
-      sign_host_keys: false
+      - org.gnome.DejaDup
-
+      - org.mozilla.Thunderbird
-    flatpak:
+      # - org.raspberrypi.rpi-imager
-      apps:
+      - org.telegram.desktop
-        - com.chatterino.chatterino
+      # - org.x.Warpinator
-        - com.discordapp.Discord
-        - com.spotify.Client
-        # - net.ankiweb.Anki
-        - org.gnome.DejaDup
-        - org.mozilla.Thunderbird
-        # - org.raspberrypi.rpi-imager
-        - org.telegram.desktop
-        # - org.x.Warpinator

inventory/servers.yml

@@ -3,12 +3,4 @@ servers:
   hosts:
     poincare:
     maxwell:
-      sshd:
+      sshd_port: 6969
-        port: 6969
-
-        auth:
-          permit_root_login: "no"
-          password_authentication: "no"
-          trusted_ca: true
-
-        sign_host_keys: true

roles/system/flatpak/defaults/main.yml

@@ -1,3 +1,2 @@
 ---
-flatpak:
+flatpak_apps: []
-  apps: []

roles/system/flatpak/tasks/main.yml

@@ -11,5 +11,5 @@
   community.general.packaging.os.flatpak:
     name: "{{ item }}"
     state: present
-  loop: "{{ flatpak.apps }}"
+  loop: "{{ flatpak_apps }}"
-  when: flatpak.apps
+  when: flatpak_apps

roles/system/sshd/defaults/main.yml

@@ -1,10 +1,7 @@
 ---
-sshd:
+sshd_port: 10022
-  port: 10022
+sshd_sign_host_keys: true
 
-  auth:
+sshd_auth_permit_root_login: "no"
-    permit_root_login: "no"
+sshd_auth_password_authentication: "no"
-    password_authentication: "no"
+sshd_auth_trusted_ca: true
-    trusted_ca: true
-
-  sign_host_keys: true

roles/system/sshd/tasks/main.yml

@@ -29,4 +29,4 @@
 
 - name: Set trusted CA
   ansible.builtin.include_tasks: trusted_ca.yml
-  when: sshd.auth.trusted_ca
+  when: sshd_auth_trusted_ca

roles/system/sshd/templates/10-harden.conf

@@ -1,6 +1,6 @@
 # Port
-Port {{ sshd.port }}
+Port {{ sshd_port }}
 
 # Auth
-PermitRootLogin {{ sshd.auth.permit_root_login }}
+PermitRootLogin {{ sshd_auth_permit_root_login }}
-PasswordAuthentication {{ sshd.auth.password_authentication }}
+PasswordAuthentication {{ sshd_auth_password_authentication }}