ansible/roles/openssh_server/tasks/main.yml

---
- name: Install OpenSSH server
  apt:
    name: openssh-server

- name: Enable OpenSSH Server
  systemd:
    name: sshd.service
    enabled: true
    state: started

- name: Install sshd configuration file
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: u=r,g=,o=
    validate: "/usr/sbin/sshd -tf %s"
  notify: Restart sshd

- name: Install Users CA public key
  copy:
    content: "{{ openssh_users_ca_public_key }}"
    dest: /etc/ssh/users_ca.pub
    owner: root
    group: root
    mode: u=r,g=,o=
  notify: Restart sshd

- name: Install authorized principals file
  copy:
    content: "{{ openssh_authorized_principals | join('\n') }}"
    dest: /etc/ssh/authorized_principals
    owner: root
    group: root
    mode: u=r,g=,o=
  notify: Restart sshd
...
Use the Users CA for authentication 2021-12-12 05:56:26 +01:00			`---`
			`- name: Install OpenSSH server`
			`apt:`
			`name: openssh-server`

			`- name: Enable OpenSSH Server`
			`systemd:`
			`name: sshd.service`
			`enabled: true`
			`state: started`

			`- name: Install sshd configuration file`
			`template:`
			`src: sshd_config.j2`
			`dest: /etc/ssh/sshd_config`
			`owner: root`
			`group: root`
			`mode: u=r,g=,o=`
			`validate: "/usr/sbin/sshd -tf %s"`
			`notify: Restart sshd`

			`- name: Install Users CA public key`
			`copy:`
			`content: "{{ openssh_users_ca_public_key }}"`
			`dest: /etc/ssh/users_ca.pub`
			`owner: root`
			`group: root`
			`mode: u=r,g=,o=`
			`notify: Restart sshd`

			`- name: Install authorized principals file`
			`copy:`
			`content: "{{ openssh_authorized_principals \| join('\n') }}"`
			`dest: /etc/ssh/authorized_principals`
			`owner: root`
			`group: root`
			`mode: u=r,g=,o=`
			`notify: Restart sshd`
			`...`