iiab/roles/sshd/tasks/main.yml

- name: "Install ssh daemon using package: {{ sshd_package }}"
  package:
    name: "{{ sshd_package }}"
    state: present
  when: sshd_enabled | bool

- name: Disable root login with password
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present
  when: sshd_enabled | bool
#TODO: use handler to reload ssh

- name: Create root .ssh
  file:
    path: /root/.ssh
    owner: root
    group: root
    mode: 0700
    state: directory
  when: sshd_enabled | bool

- name: Install dummy root keys as placeholder
  copy:
    src: dummy_authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: 0600
    force: no
  when: sshd_enabled | bool

- name: Enable & start ssh daemon
  service:
    name: "{{ sshd_service }}"
    enabled: yes
    state: started
  when: sshd_enabled | bool

- name: Disable ssh daemon
  service:
    name: "{{ sshd_service }}"
    enabled: no
    state: stopped
  when: not sshd_enabled