Add openssh role

roles/openssh/defaults/main.yaml

@@ -0,0 +1,9 @@
+---
+openssh_package_name: 'openssh-server'
+openssh_package_state: 'present'
+
+openssh_service_name: 'sshd'
+openssh_service_state: 'started'
+openssh_service_enabled: true
+
+openssh_sshd_config: {}

roles/openssh/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: reload openssh
+  service:
+    name: "{{ openssh_service_name }}"
+    state: reloaded
+  when: openssh_service_enabled

roles/openssh/tasks/main.yaml

@@ -0,0 +1,24 @@
+---
+- name: gather OS specific variables
+  include_vars: "{{ item }} "
+  with_first_found:
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+- name: install openssh
+  package:
+    name: "{{ openssh_package_name }}"
+    state: "{{ openssh_package_state }}"
+
+- name: configure openssh
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    validate: sshd -t -f %s
+  notify:
+    - reload openssh
+
+- name: start openssh
+  service:
+    name: "{{ openssh_service_name }}"
+    state: "{{ openssh_service_state }}"
+    enabled: "{{ openssh_service_enabled }}"

roles/openssh/templates/sshd_config.j2

@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+{% set sshd_config = openssh_default_sshd_config | combine(openssh_sshd_config) %}
+{% for k, v in sshd_config | dictsort %}
+{% if v is sameas true %}
+{{ k }} {{ v }}
+{% elif v is sameas false %}
+{{ k }} {{ v }}
+{% elif v is string or v is number %}
+{{ k }} {{ v }}
+{% else %}
+{% for vi in v %}
+{{ k }} {{ vi }}
+{% endfor %}
+{% endif %}
+{% endfor %}

roles/openssh/vars/Debian.yaml

@@ -0,0 +1 @@
+---

roles/openssh/vars/RedHat.yaml

@@ -0,0 +1 @@
+---

roles/openssh/vars/Ubuntu.yaml

@@ -0,0 +1,9 @@
+---
+openssh_default_sshd_config:
+  PasswordAuthentication: 'no'
+  ChallengeResponseAuthentication: 'no'
+  UsePAM: 'yes'
+  X11Forwarding: 'yes'
+  PrintMotd: 'no'
+  AcceptEnv: LANG LC_*
+  Subsystem: 'sftp /usr/lib/openssh/sftp-server'