iiab/roles/sshd/tasks/install.yml

# TODO:
#
# 1) Implement sshd_port IF it's truly needed? Mentioned here as of 2022-12-27:
#
#    vars/default_vars.yml  Line 226
#    roles/sshd/tasks/install.yml  Lines 45-46
#    roles/network/tasks/avahi.yml  Line 46
#    roles/network/templates/gateway/iiab-gen-iptables  Line 71 & 153
#
# 2) Use Ansible handler to reload ssh?


- name: Record (initial) disk space used
  shell: df -B1 --output=used / | tail -1
  register: df1


- name: "Install ssh daemon using package: {{ sshd_package }}"
  package:
    name: "{{ sshd_package }}"
    state: present

- name: Disable password-based logins to root
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present

- name: mkdir /root/.ssh
  file:
    state: directory
    path: /root/.ssh
    owner: root
    group: root
    mode: '0700'

- name: Install dummy root keys as placeholder
  copy:
    src: dummy_authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: '0600'
    force: no


# RECORD sshd AS INSTALLED

- name: Record (final) disk space used
  shell: df -B1 --output=used / | tail -1
  register: df2

- name: Add 'sshd_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: sshd
    option: sshd_disk_usage
    value: "{{ df2.stdout|int - df1.stdout|int }}"

- name: "Set 'sshd_installed: True'"
  set_fact:
    sshd_installed: True

- name: "Add 'sshd_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^sshd_installed'
    line: 'sshd_installed: True'