
---
# Open inbound TCP/22 in ufw so the host stays reachable over SSH.
# No source restriction is set, so the rule admits connections from any
# address. The ufw module's `from_ip` option or `rule: limit` can narrow
# this where the host faces untrusted networks.
- name: Allow ssh on firewall
  ufw:
    proto: tcp
    port: 22
    rule: allow
# Directory that the template tasks in this file write their fragments
# and makefile into. Root-owned and writable by root only; group and
# others may list and read it.
- name: Create ssh configuration environment directory
  file:
    path: "{{ global_ssh_configuration_environment_directory }}"
    state: directory
    mode: "u=rwx,g=rx,o=rx"
    owner: root
    group: root
# Render the makefile into the configuration environment directory.
# NOTE(review): presumably this is what the "reassemble ..." handlers
# run; the handlers are not part of this file, so confirm there.
- name: Upload makefile to ssh configuration environment
  template:
    src: ssh_config.makefile
    dest: "{{ global_ssh_configuration_environment_directory }}/makefile"
    mode: "u=rw,g=r,o=r"
    owner: root
    group: root
# Symlink: `dest` is the link that gets created, `src` is the ssh
# configuration directory it points at.
- name: Create link in ssh configuration environment
  file:
    dest: "{{ global_ssh_configuration_link }}"
    src: "{{ global_ssh_configuration_directory }}"
    state: link
# Render the main sshd_config fragment (root-owned, not writable by
# anyone else).
- name: Upload main sshd_config
  template:
    src: 0_main.sshd_config
    dest: "{{ global_ssh_configuration_environment_directory }}/0_main.sshd_config"
    mode: "u=rw,g=r,o=r"
    owner: root
    group: root
    # The template module runs this command against the rendered
    # temporary file and only moves it into place when the command
    # succeeds. The command itself lives in a variable defined elsewhere.
    # NOTE(review): only this fragment is checked here; whether the
    # assembled sshd_config is validated again depends on the handler,
    # which is not visible in this file.
    validate: "{{ global_validate_sshd_config }}"
  notify: reassemble sshd config
# Render the main client-side ssh_config fragment. This task sets no
# `validate` option, so the rendered file is installed as-is.
- name: Upload main ssh_config
  tags:
    - ssh_config
  template:
    src: 0_main.ssh_config
    dest: "{{ global_ssh_configuration_environment_directory }}/0_main.ssh_config"
    mode: "u=rw,g=r,o=r"
    owner: root
    group: root
  notify: reassemble ssh config
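# Read the public half (*.pub) of each host key type listed in
# ssh_host_key_types; private keys are never touched. The keys are
# fetched over the Ansible connection itself, so they are only as
# trustworthy as the host verification of that connection.
- name: Collect ssh host keys
  # `quote` keeps a key type that contains whitespace or shell
  # metacharacters from being split into extra arguments.
  command: "cat /etc/ssh/ssh_host_{{ item | quote }}_key.pub"
  loop: "{{ ssh_host_key_types }}"
  register: ssh_host_keys
  # Read-only command: never report a change, and run it in check mode
  # too so that later tasks reading ssh_host_keys have data.
  changed_when: false
  check_mode: false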
# Runs on the control node (delegate_to: localhost): one directory per
# inventory host, owned by the local user.
- name: Create directory for host keys locally
  delegate_to: localhost
  file:
    path: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}"
    state: directory
    mode: "u=rwx,g=rx,o=rx"
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"
# Write each collected public key to a file on the control node, one
# file per key type. World-readable is acceptable because only public
# keys are stored.
# NOTE(review): item.item (the key type) is used as a file name without
# filtering; this assumes ssh_host_key_types is trusted inventory data.
- name: Store ssh host keys locally
  delegate_to: localhost
  loop: "{{ ssh_host_keys.results }}"
  loop_control:
    # Show only the key type in task output instead of the whole result.
    label: "{{ item.item }}"
  copy:
    dest: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}/{{ item.item }}"
    content: "{{ item.stdout }}\n"
    mode: "u=rw,g=r,o=r"
    owner: "{{ global_local_user }}"
    group: "{{ global_local_user }}"