From d09093a3fd8499fefc813442249a38882565a813 Mon Sep 17 00:00:00 2001
From: L3D
Date: Thu, 11 Mar 2021 00:17:05 +0100
Subject: [PATCH 1/3] start adding github actions and improve meta

---
 .cache/roles/do1jlr.sshd | 1 +
 .github/FUNDING.yml | 2 +-
 .github/workflows/ansible-linting-check.yml | 22 +++++++++++++++++++++
 .github/workflows/yamllint.yaml | 22 +++++++++++++++++++++
 defaults/main.yml | 17 +++++++++-------
 handlers/main.yml | 2 +-
 meta/main.yml | 19 +++++++-----------
 7 files changed, 64 insertions(+), 21 deletions(-)
 create mode 120000 .cache/roles/do1jlr.sshd
 create mode 100644 .github/workflows/ansible-linting-check.yml
 create mode 100644 .github/workflows/yamllint.yaml

diff --git a/.cache/roles/do1jlr.sshd b/.cache/roles/do1jlr.sshd
new file mode 120000
index 0000000..c25bddb
--- /dev/null
+++ b/.cache/roles/do1jlr.sshd
@@ -0,0 +1 @@
+../..
\ No newline at end of file
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 51ba466..67818dd 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,4 +1,4 @@
-# These are supported funding model platforms
+---
 github: [do1jlr]
 liberapay: L3D
diff --git a/.github/workflows/ansible-linting-check.yml b/.github/workflows/ansible-linting-check.yml
new file mode 100644
index 0000000..41dcb97
--- /dev/null
+++ b/.github/workflows/ansible-linting-check.yml
@@ -0,0 +1,22 @@
+---
+name: Ansible Lint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Lint Ansible Playbook
+ uses: ansible/ansible-lint-action@master
+ with:
+ targets: "."
+ # [required]
+ # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
+ args: ""
+ # [optional]
diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml
new file mode 100644
index 0000000..39c49f8
--- /dev/null
+++ b/.github/workflows/yamllint.yaml
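Review bot: Every `uses:` in this workflow tracks a moving branch, `ansible/ansible-lint-action@master`, and the yamllint.yaml hunk does the same with `actions/checkout@master` and `karancode/yamllint-github-action@master`; whatever lands on those branches later runs in this repository's CI with its token, and no past run can be reproduced. Pin each third-party action to a release tag or, better, a full commit SHA — `uses: ansible/ansible-lint-action@<pinned tag or full commit SHA>` — and let a dependency bot propose bumps. The `# [required]` and `# [optional]` comments sit after the values they describe; placing them above `targets:` and `args:` reads the way the rest of the role comments its keys.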
@@ -0,0 +1,22 @@
+---
+name: 'Yamllint GitHub Actions'
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+ yamllint:
+ name: 'Yamllint'
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout'
+ uses: actions/checkout@master
+ - name: 'Yamllint'
+ uses: karancode/yamllint-github-action@master
+ with:
+ yamllint_file_or_dir: '.'
+ yamllint_config_filepath: './.yamllint'
+ yamllint_strict: false
+ yamllint_comment: true
+# env:
+# GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }
diff --git a/defaults/main.yml b/defaults/main.yml
index c54b35f..c73e297 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,11 +4,14 @@
 # set the ssh server port
 sshd__port: 22
- # ssh password authorisatuin (not recomended)
+
+# ssh password authorisatuin (not recomended)
 sshd__password_authentication: false
- # should we disable not selected ssh key types?
+
+# should we disable not selected ssh key types?
 sshd__manage_key_types: true
- # choose ssh server allowed key types
+
+# choose ssh server allowed key types
 sshd__key_types:
 - 'ed25519'
 # - 'rsa'
@@ -56,17 +59,17 @@ sshd__macs:
 # - 'hmac-sha1'
 # Enable AllowUsers and AllowGroups options
-sshd__restrict_users: True
+sshd__restrict_users: true
 sshd__allowed_users:
 - "root"
 - "ansible"
-sshd__restrict_groups: True
+sshd__restrict_groups: true
 sshd__allowed_groups:
 - "root"
 - "admins"
-sshd__xforwarding: True
+sshd__xforwarding: true
-sshd__state: present # use latest for upgrading
+sshd__state: present # use latest for upgrading
 # perform simple version check for this role? (true is recomended)
 submodules_versioncheck: false
diff --git a/handlers/main.yml b/handlers/main.yml
index 2ebe567..4631e53 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: systemctl restart ssh
- become: yes
+ become: true
 ansible.builtin.systemd:
 name: "{{ sshd__service }}"
 state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index 659d41a..bf1ce54 100644
--- a/meta/main.yml
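Review bot: The commented-out env entry at the end of the hunk would not survive being re-enabled: `#          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }` closes the expression with a single brace, so it should read `GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}`. `yamllint_comment: true` asks the action to post comments on pull requests, which presumably needs that token; either fix and enable the block or set `yamllint_comment: false`, so the job neither fails nor silently skips commenting. Even with the token, on `pull_request` runs from forked repositories GITHUB_TOKEN is read-only, so comments on fork PRs should be expected to fail.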
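Review bot: The comment lines this hunk re-adds carry their typos into the new layout: `+# ssh password authorisatuin (not recomended)` should read `# ssh password authentication (not recommended)`. These defaults double as the role's user-facing documentation, so fixing the spelling while the lines are being moved is cheaper than a follow-up; the unchanged `(true is recomended)` comment in the next hunk has the same misspelling.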
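Review bot: With `sshd__restrict_users: true` now a proper boolean, the unchanged default `sshd__allowed_users` in this hunk still lists `"root"`, so the AllowUsers line the role generates permits root by default; whether root can actually log in then depends on PermitRootLogin in the template, which is outside this diff. A one-line comment above the list, e.g. `# "root" is allowed by default; drop it if root SSH login is not wanted`, makes that an explicit operator decision rather than an inherited one.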
+++ b/meta/main.yml
@@ -1,25 +1,20 @@
 ---
 galaxy_info:
- author: L3D
+ role_name: sshd
+ author: do1jlr
 description: Manage your SSH Server - and deploy a good sshd configuration
 license: "MIT"
- min_ansible_version: 2.3
- github_branch: master
+ min_ansible_version: 2.8
+ github_branch: main
 platforms:
 - name: Archlinux
 versions: all
 - name: Debian
- versions:
- - stretch
- - sid
+ versions: all
 - name: Ubuntu
- versions:
- - bionic
- - cosmic
+ versions: all
 - name: Fedora
- versions:
- - 28
- - 29
+ versions: all
 galaxy_tags:
 - ssh
 - sshd
From 3d4540fc62cd352caf49460ae60293a7054782c5 Mon Sep 17 00:00:00 2001
From: L3D
Date: Thu, 11 Mar 2021 00:21:58 +0100
Subject: [PATCH 2/3] create yamllint

---
 .cache/roles/do1jlr.sshd | 1 -
 .gitignore | 1 +
 .yamllint | 8 ++++++++
 tasks/main.yml | 2 +-
 4 files changed, 10 insertions(+), 2 deletions(-)
 delete mode 120000 .cache/roles/do1jlr.sshd
 create mode 100644 .gitignore
 create mode 100644 .yamllint

diff --git a/.cache/roles/do1jlr.sshd b/.cache/roles/do1jlr.sshd
deleted file mode 120000
index c25bddb..0000000
--- a/.cache/roles/do1jlr.sshd
+++ /dev/null
@@ -1 +0,0 @@
-../..
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..16d3c4d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.cache
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..c8bbc93
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+ # 160 chars should be enough, but don't fail if a line is longer
+ line-length:
+ max: 160
+ level: warning
diff --git a/tasks/main.yml b/tasks/main.yml
index ae79b2a..06f0f5e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
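Review bot: `min_ansible_version: 2.8` understates the requirement: the handler in this same series uses `ansible.builtin.systemd` and the tasks use `ansible.builtin.debug`, and the `ansible.builtin` namespace exists only from Ansible 2.10. Raise it and quote it, `min_ansible_version: "2.10"`, because an unquoted `2.10` is loaded as the float 2.1; quoting `"2.8"` would avoid the same trap on any later bump. `versions: all` on every platform is accepted by Galaxy but records nothing about what was actually tested; if only some releases were verified, listing them is more honest.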
@@ -11,7 +11,7 @@
 - name: Collect all users and groups allowed to login via ssh
 set_fact:
- sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
+ sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}'
 sshd__allowed_groups: '{{ sshd__allowed_groups + users.keys() | default({}) | sort }}'
 - name: "try to get {{ sshd__package }} version"
From ea08ec991dca8b631121c4536c33cd9c80df7e25 Mon Sep 17 00:00:00 2001
From: L3D
Date: Thu, 11 Mar 2021 00:26:37 +0100
Subject: [PATCH 3/3] name all tasks

---
 tasks/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 06f0f5e..b94a4b3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -30,7 +30,8 @@
 sshd__version_is_above_eight: true
 when: ansible_facts.packages[sshd__package][0].version is version('8.0', '>=')
 rescue:
- - ansible.builtin.debug:
+ - name: leave notice if version detection failed
+ ansible.builtin.debug:
 msg: "Failed to detect ssh version. Set sshd__version_is_above_eight to true if you want to experience new config features from sshd version 8"
 - name: manage ssh host keys
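Review bot: The new task name `leave notice if version detection failed` is lowercase while `Collect all users and groups allowed to login via ssh` earlier in the file is capitalized; pick one casing, e.g. `- name: Leave notice if version detection failed`, so the names stay consistent once ansible-lint's naming rules are enabled. Beyond the name, the rescue only prints a message, so a failed detection continues with whatever `sshd__version_is_above_eight` held before the block, presumably losing the options the template gates on it, without the run failing; if that fallback is not intended, end the rescue with `ansible.builtin.fail`, otherwise state in the message that the older configuration is being applied. The block this rescue belongs to starts before the hunk.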