more work, get rid of jail stuff, using vps directly

roles/pubnix/tasks/main.yaml

@@ -33,7 +33,7 @@
   register: jailip
       
 - name: create jail
-  shell: "bastille create -V {{ role_name }} {{ release }} {{ jailip.stdout }}/64 vtnet0"
+  shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0"
   args:
     creates: /usr/local/bastille/jails/{{ role_name }}
 

roles/remove/tasks/main.yaml

@@ -1,4 +1,9 @@
 ---
+- name: Remove volume
+  hetzner.hcloud.volume:
+    name: home
+    state: absent
+
 - name: Remove server
   hcloud_server:
     name: "{{ hostname }}"
@@ -9,4 +14,3 @@
     state: absent
     ssh_keys: "{{ ssh_keys }}"
   register: server
-

roles/ssh/files/sshd_config

@@ -0,0 +1,14 @@
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+StrictModes yes
+MaxAuthTries 3
+MaxSessions 2
+PubkeyAuthentication yes
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+

roles/ssh/handlers/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: start sshd
+  service:
+    name: sshd
+    state: restarted
+  async: 45
+  poll: 5

roles/ssh/tasks/main.yaml

@@ -0,0 +1,11 @@
+---
+- name: copy config file
+  copy:
+    src: sshd_config
+    dest: "/etc/ssh/"
+
+- name: restart sshd
+  community.general.sysrc:
+    name: sshd_enable
+    value: "YES"
+  notify: restart sshd