feat: allow sshd to bind on multiple networks

roles/sshd/defaults/main.yml

@@ -1,7 +1,8 @@
 ---
 ssh_port: 22
-ssh_allowed_network: "192.168.1.0/24"
+ssh_allowed_networks:
-ssh_allowed_vpn_network: "192.168.27.0/27"
+  - { src: "192.168.1.0/24", comment: "SSH from LAN" }
+  - { src: "192.168.27.0/27", comment: "SSH from VPN" }
 ssh_users: "jokester" # space separated if many
 ssh_config_dir: "/etc/ssh"
 sshd_config: "{{ ssh_config_dir }}/sshd_config"

roles/sshd/tasks/main.yml

@@ -20,23 +20,15 @@
     name: "{{ ssh_service_name }}"
     enabled: true
 
-- name: Allow local network incoming connection
+- name: Allow SSH incoming connections
   community.general.ufw:
     rule: allow
     port: "{{ ssh_port }}"
     proto: tcp
-    from: "{{ ssh_allowed_network }}"
+    from: "{{ item.src }}"
     direction: in
-    comment: "SSH from local network"
+    comment: "{{ item.comment }}"
-
+  loop: "{{ ssh_allowed_networks }}"
-- name: Allow SSH VPN incoming connection
-  community.general.ufw:
-    rule: allow
-    port: "{{ ssh_port }}"
-    proto: tcp
-    from: "{{ ssh_allowed_vpn_network }}"
-    direction: in
-    comment: "SSH from VPN network"
 
 # TODO
 # - name: Add SSH public key to authorized_keys
@@ -105,8 +97,3 @@
     enabled: true
     state: started
 
-- name: Start and enable fail2ban
-  ansible.builtin.service:
-    name: fail2ban
-    state: started
-    enabled: true