ssh: explicitly enable or disable the service at boot (#771)

Signed-off-by: Sevan Murriguian-Watrin <git@byh0ki.fr>

roles/ssh_hardening/defaults/main.yml

@@ -6,9 +6,12 @@ network_ipv6_enable: true # sshd + ssh
 ssh_client_config_file: /etc/ssh/ssh_config # ssh
 ssh_server_config_file: /etc/ssh/sshd_config # sshd
 
-# true if sshd should be started and enabled
+# true if sshd should be started
 ssh_server_enabled: true # sshd
 
+# true if sshd should be enabled at boot
+ssh_server_service_enabled: true # sshd
+
 # true if DNS resolutions are needed, look up the remote host name,
 # defaults to false from 6.8, see: http://www.openssh.com/txt/release-6.8
 ssh_use_dns: false # sshd

roles/ssh_hardening/tasks/hardening.yml

@@ -144,3 +144,8 @@
   when:
     - sshd_disable_crypto_policy | bool
     - ('crypto-policies' in ansible_facts.packages)
+
+- name: Enable or disable sshd service
+  ansible.builtin.service:
+    name: "{{ sshd_service_name }}"
+    enabled: "{{ ssh_server_service_enabled }}"