remove password auth for users

roles/setup_hosted_services/templates/dashboards.j2

@@ -41,7 +41,7 @@ services:
 {% if template_vars.glances %}
   glances:
     image: nicolargo/glances:latest-alpine
-    restart: always
+    restart: unless-stopped
     pid: host
     ports:
       - "8083:61208"

roles/setup_hosted_services/templates/diun.j2

@@ -22,6 +22,6 @@ services:
       - CONFIG=/data/config.yml
     labels:
       - diun.enable=true
-    restart: always
+    restart: unless-stopped
 volumes:
   data:

roles/setup_hosted_services/templates/gotify.j2

@@ -11,6 +11,6 @@ services:
       - data:/app/data
     ports:
       - 7875:80
-    restart: always
+    restart: unless-stopped
 volumes:
   data:

roles/setup_users/tasks/main.yml

@@ -1,18 +1,19 @@
 # https://stackoverflow.com/questions/37333305/ansible-create-a-user-with-sudo-privileges
-- name: Install Sudo.
+- name: Install Packages.
   ansible.builtin.apt:
     pkg:
       - sudo
+      - ufw
     state: latest
     update_cache: true
 
-- name: Make sure we have a groups.
+- name: Ensure group.
   ansible.builtin.group:
     name: '{{ item.group }}'
     state: present
   with_items: '{{ users }}'
 
-- name: Add Users.
+- name: Ensure Users.
   ansible.builtin.user:
     name: '{{ item.name }}'
     comment: '{{ item.name }} user'
@@ -40,3 +41,17 @@
     group: "{{ homelab_user }}"
     owner: "{{ homelab_user }}"
     mode: 0644
+
+- name: Disable password authentication for root.
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    state: present
+    regexp: '^#?PermitRootLogin'
+    line: 'PermitRootLogin prohibit-password'
+
+- name: Disable password authentication for users.
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    state: present
+    regexp: '^#?PasswordAuthentication'
+    line: 'PasswordAuthentication no'