main.yml

---
# file: roles/common/tasks/sshd.yml

- name: ensure sshd is installed
  apt:
    name: openssh-server
    state: present
  tags:
    - ssh

- name: ensure sshd is configured
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    backup: true
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - restart sshd
  tags:
    - ssh

- name: ensure ssh is configured
  template:
    src: ssh_config.j2
    dest: /etc/ssh/ssh_config
    owner: root
    group: root
    mode: '0644'
    backup: true
  when: debian_version != "jessie"
  tags:
    - ssh

- name: ensure standard pam configuration for sshd
  copy:
    src: pam/sshd
    dest: /etc/pam.d/sshd
    owner: root
    group: root
    mode: '0644'
  notify:
    - restart sshd
  tags:
    - ssh

- name: ensure pam creates a home directory
  command: pam-auth-update --enable mkhomedir --force
  environment:
    DEBIAN_FRONTEND: noninteractive
  when: ssh_mkhomedir
  tags:
    - ssh
    - pam

- name: ensure pam doesn't create a home directory
  command: pam-auth-update --remove mkhomedir --force
  environment:
    DEBIAN_FRONTEND: noninteractive
  when: not ssh_mkhomedir
  tags:
    - ssh
    - pam

- name: ensure sshd is running and enabled
  service:
    name: ssh
    state: started