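---
# Tasks that install sshd, work out the ssh login allow-lists, detect the
# installed sshd version and render /etc/ssh/sshd_config.

- include_tasks: versioncheck.yml
  when: submodules_versioncheck|bool

# failed_when: false keeps the play going even if package facts cannot be
# gathered at this point.
- name: Gather the package facts
  package_facts:
    manager: auto
  failed_when: false

# Load distribution-specific variables; fall back to the defaults file when
# no file exists for this distribution.
- name: set sshd_service variable
  block:
    - name: read os specific variable
      include_vars: "vars/sshd_{{ ansible_distribution | lower }}.yml"
  rescue:
    - name: read default variable
      include_vars: vars/sshd_default.yml

- include_tasks: packages.yml

# default({}) is applied to `users` itself, before .keys() is called. Applied
# to the result of users.keys() it cannot help: with `users` undefined the
# method call fails before the filter runs.
#
# NOTE(review): the group allow-list is extended with the keys of `users`,
# the same keys used for the user allow-list, so every user name is also
# admitted as a group name. Confirm this is intended; these two lists decide
# who may log in over ssh.
- name: Collect all users and groups allowed to login via ssh
  set_fact:
    sshd__allowed_users: '{{ sshd__allowed_users + ((users | default({})).keys() | sort) }}'
    sshd__allowed_groups: '{{ sshd__allowed_groups + ((users | default({})).keys() | sort) }}'

# Runs only when the caller has not set sshd__version_is_above_eight.
# Package facts are gathered again inside the block, without failed_when, so
# a failure here (or a missing package entry) lands in the rescue section.
- name: "try to get {{ sshd__package }} version"
  when: sshd__version_is_above_eight is not defined
  block:
    - name: Gather the package facts
      package_facts:
        manager: auto

    - name: "get package version of {{ sshd__package }}"
      debug:
        msg: "{{ ansible_facts.packages[sshd__package][0].version }}"

    # The fact is only set when the comparison is true; otherwise it stays
    # undefined.
    # NOTE(review): distribution package versions may carry an epoch or a
    # suffix, which could make this comparison evaluate unexpectedly. Verify
    # on the target distributions.
    - name: set fact sshd__version_is_above_eight
      set_fact:
        sshd__version_is_above_eight: true
      when: ansible_facts.packages[sshd__package][0].version is version('8.0', '>=')
  rescue:
    - debug:
        msg: "Failed to detect ssh version. Set sshd__version_is_above_eight to true if you want to experience new config features from sshd version 8"

- include_tasks: keys.yml

# validate runs `sshd -t` against the rendered file before it replaces the
# live config, so a template that sshd rejects is never installed.
# backup keeps a copy of the previous sshd_config next to the new one.
# NOTE(review): the mode leaves sshd_config world-readable; hardening
# baselines such as the CIS benchmarks ask for owner-only access. Confirm
# which is wanted here.
- name: Create sshd configuration
  become: true
  template:
    src: sshd_config.j2
    dest: '/etc/ssh/sshd_config'
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
    validate: /usr/sbin/sshd -t -f %s
    backup: true
  notify:
    - systemctl restart ssh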