From b22c0597aa87541ddcd2b26deb0e0ed953199758 Mon Sep 17 00:00:00 2001
From: Lilian Roller
Date: Thu, 14 Nov 2019 11:12:47 +0100
Subject: [PATCH] add option 'generate_modern_ssh_keys | bool'
---
 defaults/main.yml | 2 ++
 tasks/main.yml | 20 ++++++++++++++------
 vars/main.yml | 2 +-
 3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 685898b..ab5248f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -27,5 +27,7 @@ use_diffie_hellman_group_exchange_sha256: false
 use_aes256_ctr: false
 use_hmac_sha2_512: false
+generate_modern_ssh_keys: true
+
 # version check for this role?
 submodules_versioncheck: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 89a6922..caf188c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -41,7 +41,9 @@
 creates: 'ssh_host_ecdsa_key.pub'
 notify:
 - restart ssh
- when: generate_ecdsa_too|bool
+ when:
+ - generate_ecdsa_too | bool
+ - generate_modern_ssh_keys | bool
 - name: Generate new ed25519 ssh host key pair if necessary
 become: yes
@@ -51,7 +53,9 @@
 creates: 'ssh_host_ed25519_key.pub'
 notify:
 - restart ssh
- when: ansible_distribution_release != 'wheezy'
+ when:
+ - ansible_distribution_release != 'wheezy'
+ - generate_modern_ssh_keys | bool
 - name: Remove unwanted host keys
 become: yes
@@ -64,8 +68,9 @@
 notify:
 - restart ssh
 when:
- - generate_ecdsa_too|bool
+ - generate_ecdsa_too | bool
 - ansible_distribution_release != 'wheezy'
+ - generate_modern_ssh_keys | bool
 - name: Remove unwanted host keys
 become: yes
@@ -79,8 +84,9 @@
 notify:
 - restart ssh
 when:
- - not generate_ecdsa_too|bool
+ - not generate_ecdsa_too | bool
 - ansible_distribution_release != 'wheezy'
+ - generate_modern_ssh_keys | bool
 - name: make sure the correct keys are available
 file:
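Review bot: `generate_modern_ssh_keys: true` is added to defaults/main.yml without a comment, while the variable right below it carries one (`# version check for this role?`). Going by the tasks/main.yml hunks in this patch, the flag gates more than generation: it is also a condition on both "Remove unwanted host keys" tasks and both "make sure the correct keys are available" tasks. I would document that above the variable, e.g. `# manage ssh host keys: generate ed25519/ecdsa keys and remove unwanted ones; false skips all host key tasks`.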
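Review bot: In the `@@ -64,8 +68,9 @@` hunk of tasks/main.yml the added `- generate_modern_ssh_keys | bool` condition also switches off the "Remove unwanted host keys" task, so a flag whose name only mentions generation disables host-key cleanup as well; the same holds for the second removal task (`@@ -79,8 +84,9 @@`) and for both "make sure the correct keys are available" tasks (`@@ -94,8 +100,9 @@`, `@@ -108,5 +115,6 @@`). With the flag set to false, whatever host keys already exist stay on disk, and whether sshd keeps offering them presumably depends on the HostKey configuration, which this patch does not show. Either give the option a name that covers the whole scope (for example `manage_ssh_host_keys`) or leave the removal tasks independent of it. The task bodies start outside these hunks, so the list of removed files is not visible here.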
@@ -94,8 +100,9 @@
 notify:
 - restart ssh
 when:
- - not generate_ecdsa_too|bool
+ - not generate_ecdsa_too | bool
 - ansible_distribution_release != 'wheezy'
+ - generate_modern_ssh_keys | bool
 - name: make sure the correct keys are available except ecdsa
 file:
@@ -108,5 +115,6 @@
 notify:
 - restart ssh
 when:
- - generate_ecdsa_too|bool
+ - generate_ecdsa_too | bool
 - ansible_distribution_release != 'wheezy'
+ - generate_modern_ssh_keys | bool
diff --git a/vars/main.yml b/vars/main.yml
index 1f67ad9..c04b1d2 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,3 +1,3 @@
 ---
-playbook_version_number: 2050 # should be over ninethousand
+playbook_version_number: 2051 # should be over ninethousand
 playbook_version_path: 'role-sshd_chaos-bodensee_github.com.version'