ansible/roles/common/tasks/sshd.yml

---

- name: Allow ssh on firewall
  ufw:
    rule: allow
    port: 22
    proto: tcp

- name: Create ssh configuration environment directory
  file:
    state: directory
    path: "{{ global_ssh_configuration_environment_directory }}"
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"

- name: Upload makefile to ssh configuration environment
  template:
    src: ssh_config.makefile
    dest: "{{ global_ssh_configuration_environment_directory }}/makefile"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"

- name: Create link in ssh configuration environment
  file:
    state: link
    src: "{{ global_ssh_configuration_directory }}"
    dest: "{{ global_ssh_configuration_link }}"

- name: Upload main sshd_config
  template:
    src: 0_main.sshd_config
    dest: "{{ global_ssh_configuration_environment_directory }}/0_main.sshd_config"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  notify: reassemble sshd config

- name: Collect ssh host keys
  command: "cat /etc/ssh/ssh_host_{{ item | quote }}_key.pub"
  loop: "{{ ssh_host_key_types }}"
  register: ssh_host_keys
  changed_when: False
  check_mode: no

- name: Create directory for host keys locally
  file:
    path: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}"
    state: directory
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"
    mode: "u=rwx,g=rx,o=rx"
  delegate_to: localhost

- name: Store ssh host keys locally
  copy:
    content: "{{ item.stdout }}\n"
    dest: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}/{{ item.item }}"
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"
    mode: "u=rw,g=r,o=r"
  delegate_to: localhost
  loop: "{{ ssh_host_keys.results }}"
  loop_control:
    label: "{{ item.item }}"

- name: Generate ssh host key dns fingerprints locally
  make:
    chdir: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}"
    file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile"
    target: dns
  delegate_to: localhost
Added role common 6 years ago			`---`

			`- name: Allow ssh on firewall`
			`ufw:`
			`rule: allow`
			`port: 22`
			`proto: tcp`

common: Reworked ssh configuration generation 5 years ago			`- name: Create ssh configuration environment directory`
			`file:`
			`state: directory`
			`path: "{{ global_ssh_configuration_environment_directory }}"`
			`owner: root`
			`group: root`
			`mode: "u=rwx,g=rx,o=rx"`

			`- name: Upload makefile to ssh configuration environment`
			`template:`
			`src: ssh_config.makefile`
			`dest: "{{ global_ssh_configuration_environment_directory }}/makefile"`
			`owner: root`
			`group: root`
			`mode: "u=rw,g=r,o=r"`

			`- name: Create link in ssh configuration environment`
			`file:`
			`state: link`
			`src: "{{ global_ssh_configuration_directory }}"`
			`dest: "{{ global_ssh_configuration_link }}"`

			`- name: Upload main sshd_config`
			`template:`
			`src: 0_main.sshd_config`
			`dest: "{{ global_ssh_configuration_environment_directory }}/0_main.sshd_config"`
			`owner: root`
			`group: root`
			`mode: "u=rw,g=r,o=r"`
			`notify: reassemble sshd config`
Added role common 6 years ago
common: Added downloading and processing ssh host keys 5 years ago			`- name: Collect ssh host keys`
			`command: "cat /etc/ssh/ssh_host_{{ item \| quote }}_key.pub"`
			`loop: "{{ ssh_host_key_types }}"`
			`register: ssh_host_keys`
			`changed_when: False`
			`check_mode: no`

			`- name: Create directory for host keys locally`
Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed\|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending 5 years ago			`file:`
Changed "ansible_fqdn" to "inventory_hostname" Due to some hosts misconfigure fqdn themselves 5 years ago			`path: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}"`
common: Added downloading and processing ssh host keys 5 years ago			`state: directory`
			`owner: "{{ global_local_user }}"`
			`group: "{{ global_local_user }}"`
			`mode: "u=rwx,g=rx,o=rx"`
Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed\|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending 5 years ago			`delegate_to: localhost`
common: Added downloading and processing ssh host keys 5 years ago
			`- name: Store ssh host keys locally`
Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed\|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending 5 years ago			`copy:`
common: Added downloading and processing ssh host keys 5 years ago			`content: "{{ item.stdout }}\n"`
Changed "ansible_fqdn" to "inventory_hostname" Due to some hosts misconfigure fqdn themselves 5 years ago			`dest: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}/{{ item.item }}"`
common: Added downloading and processing ssh host keys 5 years ago			`owner: "{{ global_local_user }}"`
			`group: "{{ global_local_user }}"`
			`mode: "u=rw,g=r,o=r"`
Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed\|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending 5 years ago			`delegate_to: localhost`
common: Added downloading and processing ssh host keys 5 years ago			`loop: "{{ ssh_host_keys.results }}"`
			`loop_control:`
			`label: "{{ item.item }}"`

			`- name: Generate ssh host key dns fingerprints locally`
Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed\|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending 5 years ago			`make:`
Changed "ansible_fqdn" to "inventory_hostname" Due to some hosts misconfigure fqdn themselves 5 years ago			`chdir: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}"`
common: Added downloading and processing ssh host keys 5 years ago			`file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile"`
			`target: dns`
Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed\|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending 5 years ago			`delegate_to: localhost`