dm4/roles/ssh/defaults/main.yml

---

users:
  - name: maverik
    groups:
      - TOPGUN
      - sudo
    config: "maverik   ALL = (maverik) /usr/sbin/reboot,/usr/bin/apt"
  - name: charlie
    groups:
      - TOPGUN
      - sudo
    config: |
      Defaults:charlie timestamp_timeout=15
      charlie   ALL=(ALL:ALL) ALL      
  - name: goose
    groups:
      - TOPGUN
    config: ""

ssh_config:
  - option: Port
    value: 22
  - option: ListenAddress
    value: "0.0.0.0"
  - option: PermitRootLogin
    value: "no"
  - option: LogLevel
    value: VERBOSE
  - option: ChallengeResponseAuthentication
    value: "yes"
  - option: UsePAM
    value: "yes"
  - option: AllowUsers
    value: maverik charlie goose ansible

ssh_raw_config: |
  Match User ansible
    AuthenticationMethods publickey

  Match User maverik
    PubkeyAuthentication no
    PasswordAuthentication no
    AuthenticationMethods keyboard-interactive:pam

  Match User charlie
    PasswordAuthentification no
    AuthenticationMethods publickey,keyboard-interactive:pam

  Match User goose
    PubkeyAuthentication no
    PasswordAuthentication yes