regexp: "^{{ ansible_default_ipv6.address }}"

        line: "{{ ansible_default_ipv6.address }} {{ inventory_hostname }} {{ inventory_hostname }}.freifunk.lu"

        state: present

      tags: network,hostname,dns

    # SSH security improvements (EmptyPass, PassAuth, RootLogin)

    - name: Disable SSH Password Auth

      ansible.builtin.copy:

        dest: /etc/ssh/sshd_config.d/disable_password_auth.conf

        owner: root

        mode: u=rw,g=r,o=r

        content: |

      tags: network,ssh

    - name: Disable SSH Empty Password

      ansible.builtin.copy:

        dest: /etc/ssh/sshd_config.d/disable_empty_password.conf

        owner: root

        mode: u=rw,g=r,o=r

        content: |

      tags: network,ssh

    - name: Disable SSH Root Login

      ansible.builtin.copy:

        dest: /etc/ssh/sshd_config.d/disable_root_login.conf

        owner: root

        mode: u=rw,g=r,o=r

        content: |

      tags: network,ssh

    - name: Reload SSHD

      ansible.builtin.service:

        name: "sshd"

        state: "reloaded"

      tags: network,ssh

    # Create Freifunk Users

    - name: Create member users

      ansible.builtin.user:

        name: "{{ item.username }}"

        password: "{{ password | password_hash('sha512') }}"