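---
# Task list: create a dedicated ECDSA key pair for the target on the control
# node, authorize it on the remote host, roll out sshd_config (validated before
# the restart), and write a per-host ssh client config that ~/.ssh/config
# includes.
#
# Variables expected from the play/inventory (not defined here):
#   sshd.config_path, sshd.nickname (optional), sshd.listen.port (optional),
#   static_fqdn, ssh_keygen_passphrase, ansible_user.
# Handler expected from the role: "Restart sshd".

# - name: Debug ansible facts
#   ansible.builtin.debug:
#     msg: "{{ ansible_facts }}"

# - name: Debug host vars
#   ansible.builtin.debug:
#     msg: "{{ hostvars[inventory_hostname]['ansible_fqdn'] }}"

- name: Ensure ssh config dir exists
  delegate_to: localhost
  become: false
  ansible.builtin.file:
    path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}"
    state: directory
    owner: "{{ lookup('env', 'USER') }}"
    group: "{{ lookup('env', 'USER') }}"
    mode: '0700'

- name: Generate local SSH key pair
  delegate_to: localhost
  become: false
  community.crypto.openssh_keypair:
    backend: opensshbin
    comment: "{{ ansible_user }}@{{ static_fqdn }}"
    mode: '0600'
    passphrase: "{{ ssh_keygen_passphrase }}"
    path: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}"
    # full_idempotence also regenerates when comment/type/size/passphrase drift.
    regenerate: full_idempotence
    size: 521
    state: present
    type: ecdsa
  register: ssh_keygen

- name: Copy SSH pubkey to target
  ansible.posix.authorized_key:
    key: "{{ ssh_keygen.public_key }}"
    user: "{{ ansible_user }}"
    state: present

- name: Template out sshd_config
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    # Reject a syntactically broken rendering before it is installed, so the
    # immediate restart below cannot leave the host without a working sshd.
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - Restart sshd

- name: Flush handlers for immediate sshd restart
  ansible.builtin.meta: flush_handlers

- name: Add local ssh client config
  delegate_to: localhost
  become: false
  community.general.ssh_config:
    # default(omit) only omits a whole parameter; embedded in a larger string it
    # leaves the omit placeholder inside the Host pattern. Build the pattern
    # explicitly and trim the leading space when no nickname is set.
    host: "{{ ((sshd.nickname | default('')) ~ ' ' ~ static_fqdn) | trim }}"
    hostname: "{{ static_fqdn }}"
    identity_file: "{{ ssh_keygen.filename }}"
    port: "{{ sshd.listen.port | default('22') }}"
    remote_user: "{{ ansible_user }}"
    ssh_config_file: "{{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
    state: present

- name: Include generated ssh config in default config file
  delegate_to: localhost
  become: false
  ansible.builtin.lineinfile:
    path: "{{ lookup('env', 'HOME') }}/.ssh/config"
    line: "Include {{ lookup('env', 'HOME') }}/.ssh/conf.d/{{ sshd.config_path }}/{{ static_fqdn }}.conf"
    mode: '0600'
    state: present
    create: true
    # ssh scopes an Include that appears after a Host/Match stanza to that
    # stanza, and insertafter falls back to EOF when its regex has no match.
    # Inserting at the beginning of the file keeps the Include global.
    insertbefore: BOF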