---
- name: disabling core dump
  lineinfile:
    path: /etc/security/limits.conf
    line: "* hard core 0"

- name: default umask
  lineinfile:
    path: /etc/login.defs
    line: UMASK 027
    regexp: ^UMASK.*

- name: put myself to /etc/hosts
  lineinfile:
    path: /etc/hosts
    line: "127.0.0.1 {{ ansible_hostname }}"

- name: SSH config
  lineinfile:
    path: /etc/ssh/sshd_config
    line: "{{ item.conf }}"
    regexp: "{{ item.regexp }}"
  notify: restart sshd
  loop:
    - { conf: "Compression no", regexp: \#?Compression.* }
    - { conf: "MaxAuthTries 3", regexp: \#?MaxAuthTries.* }

- name: sysctl
  copy:
    dest: /etc/sysctl.d/50-hardening.conf
    src: files/sysctl-50-hardening.conf
  notify: restart sysctl