From c116552ab878f3501b7d358fae9167a1684f7ece Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Fri, 12 Jul 2024 14:52:31 +0200
Subject: [PATCH] docs(system/sshd): document variables

Signed-off-by: Matej Focko
---
 roles/system/sshd/defaults/main.yml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/roles/system/sshd/defaults/main.yml b/roles/system/sshd/defaults/main.yml
index 9661a86..73513a5 100644
--- a/roles/system/sshd/defaults/main.yml
+++ b/roles/system/sshd/defaults/main.yml
@@ -1,7 +1,15 @@
 ---
-system_sshd_port: 10022
-system_sshd_sign_host_keys: true
-
-system_sshd_auth_permit_root_login: "no"
+# Whether to accept password auth; ‹yes› or ‹no›
 system_sshd_auth_password_authentication: "no"
+
+# Whether to allow ‹root› login; ‹yes› or ‹no›
+system_sshd_auth_permit_root_login: "no"
+
+# Whether to setup trusted CA (against the HashiCorp Vault instance)
 system_sshd_auth_trusted_ca: true
+
+# Default port where the SSH daemon runs; also adjusts the SELinux policy
+system_sshd_port: 10022
+
+# [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
+system_sshd_sign_host_keys: true
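Review bot: The new comments on `system_sshd_auth_password_authentication` and `system_sshd_auth_permit_root_login` give the allowed values as ‹yes› or ‹no› but do not say they must stay quoted strings. An override written as a bare `no` or `yes` is loaded by Ansible as a boolean, and what then lands in sshd_config depends on the template, which is not visible in this patch. I would make the comments explicit, e.g. `# Whether to allow ‹root› login; quoted string, "yes" or "no"`. If the role passes the value through verbatim, also note that OpenSSH's PermitRootLogin accepts `prohibit-password` and `forced-commands-only`. The `[TODO]` on `system_sshd_sign_host_keys` should say what is still outstanding, since the default remains `true` and a reader cannot tell whether host-key signing is actually in effect.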