From 1a2890936b6fb30ba3ca3b2dcb6fc2925cd9aa07 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Wed, 19 Aug 2020 14:04:18 +0200
Subject: [PATCH 1/2] [openssh] Permit root login

---
 roles/openssh/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/openssh/tasks/main.yml b/roles/openssh/tasks/main.yml
index 575af6bd..398c3264 100644
--- a/roles/openssh/tasks/main.yml
+++ b/roles/openssh/tasks/main.yml
@@ -2,8 +2,8 @@
 - name: Filter SSH on groups
   lineinfile:
     dest: /etc/ssh/sshd_config
-    regexp: ^AllowGroups
-    line: "AllowGroups {{ ssh_allow_groups }}"
+    regexp: ^#?PermitRootLogin
+    line: "PermitRootLogin yes"
     state: present
   notify: Restart sshd service
 

From 94ae57f24eb1c91e8dd63989cfbf95b84ecb9940 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Wed, 19 Aug 2020 14:05:22 +0200
Subject: [PATCH 2/2] [openssh] Apply openssh role at the end of root.yml

---
 plays/root.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plays/root.yml b/plays/root.yml
index a958296b..6e9cfe3f 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -46,3 +46,7 @@
   roles:
     - ldap-client
     - home-nounous
+
+- hosts: server
+  roles:
+    - openssh