diff --git a/README.md b/README.md
index 651276248bf1c4f08149db64bc6ab91b1d323f98..b861bd05c36902419fef2bd60bc80f8aaaed8309 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ This role initializes a server with the following actions :
 Requirements
 ------------
 
-This role mostly uses ansible.builtin module but also authorized_key from ansible.posix collection
+This role mostly uses mainly ansible.builtin modules but also authorized_key and sysctl from ansible.posix collection
 
 Role Variables
 --------------
@@ -34,6 +34,7 @@ Variables from vars directory (OS specific):
   * users_to_remove : list of users to remove from default delivered servers
 * Global :
   * default_ssh_public_keys : ssh_public_key + extra_public_key (if exists)
+  * sysctl_disable_ipv6_keys : sysctl entries to activate to disable ipv6
 
 This role also makes use of variables gathered from facts :
 * ansible_os_family : Family of Operating System (Debian or RedHat)
diff --git a/tasks/main.yml b/tasks/main.yml
index 6a2911ab7dedefeb80867862bc3423138ce0933e..a828a197e14f56037921a453442b7ade3cd7b542 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -156,6 +156,13 @@
       export TMOUT
   when: ansible_os_family == "RedHat"
 
+- name: disable ipv6
+  sysctl:
+    name: "{{ item }}"
+    value: '1'
+    sysctl_set: true
+  with_items: "{{ sysctl_disable_ipv6_keys }}"
+
 - name: Check if backup servers present in root known hosts
   lineinfile:
     path: /root/.ssh/known_hosts
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
index a2279e32c259f96dc6c0d8fc355b683c7723c401..e491820d2feff5a8501f85cd039a7e2b048c7235 100644
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -10,6 +10,9 @@ LogLevel VERBOSE
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 PasswordAuthentication no
 PermitRootLogin no
+{% if inventory_hostname in groups.gitlab %}
+Port 22
+{% endif %}
 Port {{ default_sshd_port }}
 PrintMotd no
 Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
@@ -25,5 +28,5 @@ Match Group sftpgroup
       GatewayPorts no
       X11Forwarding no
 {% else %}
-AllowUsers {{ host_user }}{% if host_user2 is defined %} {{ host_user2 }}{% endif %}
+AllowUsers {{ host_user }}{% if host_user2 is defined %} {{ host_user2 }}{% endif %}{% if inventory_hostname in groups.gitlab %} git{% endif %}
 {% endif %}
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index 01eedb5bddd587cabb421fc1e49548d59f4204be..1fb5304c4054bdb2734db69ec92a5fd0bdfb9ae8 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -2,4 +2,4 @@
 packages_to_remove: []
 files_to_remove: []
 users_to_remove:
-- zabbix
+  - zabbix
diff --git a/vars/main.yml b/vars/main.yml
index 7237f738b7ceaf4bd3a360365153389a686deb19..9fbbd86c6718b3ac929106705c9e7b8f1755202b 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,6 @@
 ---
 default_ssh_public_keys: "{{ ssh_public_key }}{% if extra_public_key is defined %} \n {{ extra_public_key }}{% endif %}"
+sysctl_disable_ipv6_keys:
+  - net.ipv6.conf.all.disable_ipv6
+  - net.ipv6.conf.default.disable_ipv6
+  - net.ipv6.conf.lo.disable_ipv6