sshd

ansible/group_vars/all.yaml

@@ -0,0 +1 @@
+---

ansible/host_vars/lab.yaml

@@ -0,0 +1,6 @@
+---
+
+# sshd
+
+authorized_keys_file: lab_authorized_keys
+openssh_configuration_src: sshd_config_arch

ansible/playbooks/lab.yaml

@@ -0,0 +1,9 @@
+---
+- name: Configure lab host
+  gather_facts: true
+  hosts: lab
+  become: true
+
+  roles:
+    - sshd
+    - firewall

ansible/roles/sshd/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: restart openssh
+  ansible.builtin.service:
+    name: "{{ openssh_service }}"
+    state: restarted
+  when:
+    - not ansible_check_mode
+    - not openssh_restart_immediately

ansible/roles/sshd/tasks/main.yml

@@ -5,3 +5,34 @@
     state: latest
     update_cache: true
     reason: explicit
+  when:
+    - ansible_os_family == 'Arch'
+
+- name: add authorized keys
+  ansible.builtin.copy:
+    dest: "/home/{{ ansible_user }}/.ssh/authorized_keys"
+    src: "{{ authorized_keys_file }}"
+    mode: 0600
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+
+- name: configure openssh
+  ansible.builtin.copy:
+    dest: "{{ openssh_configuration_file }}"
+    src: "{{ openssh_configuration_src }}"
+    mode: "{{ openssh_configuration_mode }}"
+    owner: root
+    group: root
+  notify:
+    - restart openssh
+
+- name: start and enable openssh
+  ansible.builtin.service:
+    name: "{{ openssh_service }}"
+    state: started
+    enabled: yes
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+  when:
+    - openssh_restart_immediately