finish tasks and structuring

enable_2fa.yml

+---
+- hosts: 
+  become: true
+  
+  roles:
+  - configure_pam
+  - configure_sshd_conf
+  - install_googleauth
\ No newline at end of file

files/sshd_config

+UsePAM yes
+ 
+Challenge ResponseAuthentication yes
+ 
+PermitRootLogin yes
+ 
+AuthenticationMethods publickey,keyboard-interactive
\ No newline at end of file

roles/configure_pam/tasks/main.yml

+---
+- name: insert lines in /etc/pam.d/sshd
+  blockinfile:
+    path: /etc/pam.d/sshd
+    block: |
+      # two-factor authentication via Google Authenticator 
+      auth required pam_google_authenticator.so no_increment_hotp nullok
+  
+- name: restart ssh
+  service:
+    name: ssh
+    state: restarted
\ No newline at end of file

roles/configure_sshd_conf/tasks/main.yml

+---
+- name: check if sshd_config.d directory exists
+  stat:
+    path: "{{ item }}"
+  register: folder_stats
+  with_items:
+  - ["/etc/ssh/sshd_config.d"]
+    
+- name: insert lines if directory doesn't exists
+  with_items: "{{ folder_stats.results }}"
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    state: present
+    line: "AllowUsers      slub root \n AllowGroups     ssh"
+  when: item.stat.exists == false
+
+- name: create extra sshd_config
+  with_items: "{{ folder_stats.results }}"
+  template:
+    src: ./files/sshd_config
+    dest: /etc/ssh/sshd_config.d/sshd.config
+    owner: root
+    group: root
+    mode: '0644'
+  when: item.stat.exists == true
+
+- name: restart ssh
+  service:
+    name: ssh
+    state: restarted
\ No newline at end of file

roles/install_googleauth/tasks/main.yml

+---
+- name: Install google_authenticator
+  package:
+    name: libpam-google-authenticator
+    state: present
\ No newline at end of file

roles/main.yml

+---
+
+- import_tasks: "configure_pam.yml"
+- import_tasks: "configure_sshd_conf.yml"
+- import_tasks: "install_googleauth.yml"
\ No newline at end of file