#!/usr/bin/env ansible-playbook
---
- hosts: all,!unifi
  vars:
    openssh_users_ca_public_key:
      "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
      hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
      F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
    openssh_authorized_principals:
      - any
      - "{{ inventory_hostname }}"
    openssh_whitelist_groups: "{{ ['adherent']
                                  if inventory_hostname == 'camelot.adm.auro.re'
                                  else [] }}"
    openssh_allow_passwords: "{{ inventory_hostname == 'camelot.adm.auro.re' }}"
  roles:
    - openssh_server
...