myos/ansible/roles/hosts/tasks/ssh.yml

---
# file: tasks/ssh.yml

- name: ssh - add keys to file ~/.ssh/authorized_keys
  authorized_key: user="root" key=https://github.com/{{item}}.keys
  with_items: "{{hosts_ssh_users|default([])}}"
  become: yes

- name: ssh - copy ssh private keys
  with_items: "{{hosts_ssh_private_keys|default([])}}"
  copy: src={{item}} dest=~/.ssh/ mode=0400
  become: yes

- name: ssh - add public hosts keys to known_hosts
  with_items: "{{hosts_ssh_public_hosts_keys|default([])}}"
  known_hosts:
    name: "{{item.name}}"
    key: "{{ lookup('file', '{{item.key}}') }}"
  become: yes

- name: ssh - define configuration
  set_fact:
    sshd_config:
    - dest: /etc/conf.d/dropbear
      line: 'DROPBEAR_OPTS="\1 -b /etc/issue.net"'
      regex: '^DROPBEAR_OPTS="((?!.*-b /etc/issue.net).*)"$'
    - dest: /etc/ssh/sshd_config
      line: Banner /etc/issue.net
      regex: ^#?Banner

- name: ssh - stat configuration file
  changed_when: false
  register: sshd_config_stat
  stat:
    path: '{{item.dest}}'
  with_items: '{{sshd_config|default([])}}'

- name: ssh - configure sshd
  become: yes
  lineinfile:
    backrefs: true
    dest: '{{item.0.dest}}'
    line: '{{item.0.line}}'
    regex: '{{item.0.regex}}'
  with_together:
  - '{{sshd_config|default([])}}'
  - '{{sshd_config_stat.results}}'
  when: item.1.stat.exists
import files 2021-02-09 17:05:00 +01:00			`---`
			`# file: tasks/ssh.yml`

			`- name: ssh - add keys to file ~/.ssh/authorized_keys`
			`authorized_key: user="root" key=https://github.com/{{item}}.keys`
			`with_items: "{{hosts_ssh_users\|default([])}}"`
			`become: yes`

			`- name: ssh - copy ssh private keys`
			`with_items: "{{hosts_ssh_private_keys\|default([])}}"`
			`copy: src={{item}} dest=~/.ssh/ mode=0400`
			`become: yes`

			`- name: ssh - add public hosts keys to known_hosts`
			`with_items: "{{hosts_ssh_public_hosts_keys\|default([])}}"`
			`known_hosts:`
			`name: "{{item.name}}"`
			`key: "{{ lookup('file', '{{item.key}}') }}"`
			`become: yes`

			`- name: ssh - define configuration`
			`set_fact:`
			`sshd_config:`
			`- dest: /etc/conf.d/dropbear`
			`line: 'DROPBEAR_OPTS="\1 -b /etc/issue.net"'`
			`regex: '^DROPBEAR_OPTS="((?!.-b /etc/issue.net).)"$'`
			`- dest: /etc/ssh/sshd_config`
			`line: Banner /etc/issue.net`
			`regex: ^#?Banner`

			`- name: ssh - stat configuration file`
			`changed_when: false`
			`register: sshd_config_stat`
			`stat:`
			`path: '{{item.dest}}'`
			`with_items: '{{sshd_config\|default([])}}'`

			`- name: ssh - configure sshd`
			`become: yes`
			`lineinfile:`
			`backrefs: true`
			`dest: '{{item.0.dest}}'`
			`line: '{{item.0.line}}'`
			`regex: '{{item.0.regex}}'`
			`with_together:`
			`- '{{sshd_config\|default([])}}'`
			`- '{{sshd_config_stat.results}}'`
			`when: item.1.stat.exists`