first commit

roles/server/config.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# Configuration du rôle server
+source "$PROJECT_DIR/lib.sh"
+enable_strict_mode
+
+cat <<'EOM'
+
+=> Server configuration
+
+EOM
+
+ensure_grub_cmdline
+
+SSH_DIR="/etc/ssh/sshd_config.d"
+mkdir -p "$SSH_DIR"
+SSH_CONF="${SSH_DIR}/custom.conf"
+
+read -r -d '' SSH_CONF_CONTENT <<'EOM' || true
+# SSH keys only
+PasswordAuthentication no
+PubkeyAuthentication yes
+PermitEmptyPasswords no
+EOM
+
+if write_text_file_if_changed "$SSH_CONF_CONTENT" "$SSH_CONF" >/dev/null; then
+	restart_service_if_present ssh
+	restart_service_if_present sshd
+fi