feat(bundle): switching to different hardening role

bootstrap.yml

@@ -31,27 +31,12 @@
     user_name: "operator"
     user_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElTjmqtmr7xPTDjmWz7bN9vw7HXZds8Hxc99qBEGN/Y jack@turing"
 
-    # SSH hardening defaults - secure by default
-    ssh_permit_root_login: "no"
-    ssh_server_password_login: false
-    ssh_client_password_login: false
-    ssh_allow_tcp_forwarding: "no"
-    ssh_allow_agent_forwarding: false
-    ssh_x11_forwarding: false
-    ssh_permit_tunnel: "no"
-    ssh_use_pam: true
-    ssh_print_motd: false
-    ssh_print_last_log: false
-    ssh_max_auth_retries: 2
-    ssh_client_alive_interval: 300
-    ssh_client_alive_count: 3
-
     # Include sshd_config.d for distro-specific configs
     sshd_custom_options:
       - "Include /etc/ssh/sshd_config.d/*"
 
     # Restrict SSH to created user (set to empty string to allow all users)
-    # ssh_allow_users: "{{ user_name }}"
+    ssh_allow_users: "{{ user_name }}"
 
   pre_tasks:
     - name: Update apt cache
@@ -71,7 +56,7 @@
     - role: users
       become: yes
 
-    - role: dev-sec.ssh-hardening
+    - role: devsec.hardening.ssh_hardening
       become: yes
 
   post_tasks:

requirements.yml

@@ -1,4 +1,4 @@
 ---
 roles:
-  - name: dev-sec.ssh-hardening
+  - name: devsec.hardening.ssh_hardening