---
# base config
- name: basic tools
  package:
    state: present
    name: htop

# cloud-init
- name: stop cloud-init
  service:
    name: cloud-init
    state: stopped

- name: disable cloud-init
  service:
    name: cloud-init
    enabled: false

# legal
- name: copy SSH disclaimer
  copy:
    src: files/issue.net
    dest: /etc/issue.net
    mode: u=rw,g=r,o=r
    owner: root
    group: root
  notify: restart sshd

- name: set SSH Banner
  lineinfile:
    path: /etc/ssh/sshd_config
    line: Banner /etc/issue.net
    regexp: \#?Banner.*
    state: present
  notify: restart sshd

- name: link local banner to SSH banner
  file:
    src: /etc/issue.net
    path: /etc/issue
    state: hard
    force: yes

- include_tasks: hardening.yml