Refactor: Organize Ansible project structure

- Reorganized Ansible project structure to follow best practices.
- Created dedicated directories: , , , , and .
- Categorized playbooks into  (host-specific) and  (service-specific).
- Moved all roles into the  directory and standardized their naming conventions.
- Relocated  to  for better variable management.
- Renamed  to  to reflect its global variable scope.
- Created  to correctly set the  to the new  directory.
- Moved  and  into the  directory.
- Added  to  providing explanations for common commands.
- Cleaned up  directories from all individual roles to centralize version control.

roles/security/tasks/ssh.yml

@@ -0,0 +1,34 @@
+---
+- name: Ensure SSH daemon is running.
+  service:
+    name: "{{ security_sshd_name }}"
+    state: "{{ security_sshd_state }}"
+
+- name: Update SSH configuration to be more secure.
+  lineinfile:
+    dest: "{{ security_ssh_config_path }}"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+    validate: "sshd -T -f %s"
+    mode: 0644
+  with_items:
+    - regexp: "^PasswordAuthentication"
+      line: "PasswordAuthentication {{ security_ssh_password_authentication }}"
+    - regexp: "^PermitRootLogin"
+      line: "PermitRootLogin {{ security_ssh_permit_root_login }}"
+    - regexp: "^Port"
+      line: "Port {{ security_ssh_port }}"
+    - regexp: "^UseDNS"
+      line: "UseDNS {{ security_ssh_usedns }}"
+    - regexp: "^PermitEmptyPasswords"
+      line: "PermitEmptyPasswords {{ security_ssh_permit_empty_password }}"
+    - regexp: "^ChallengeResponseAuthentication"
+      line: "ChallengeResponseAuthentication {{ security_ssh_challenge_response_auth }}"
+    - regexp: "^GSSAPIAuthentication"
+      line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
+    - regexp: "^X11Forwarding"
+      line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
+    #- regexp: "^ListenAddress"
+    #  line: "ListenAddress {{ ip_admin }}"
+  notify: restart ssh