iac_stack/ansible/roles/server_install_ssh/tasks/main.yml

---
- name: Paketlisten aktualisieren
  ansible.builtin.apt:
    update_cache: true
    cache_valid_time: 3600

- name: Detect if system is Proxmox (by checking /etc/pve)
  stat:
    path: /etc/pve
  register: pve_check

- name: OpenSSH Server installieren
  ansible.builtin.apt:
    name: openssh-server
    state: present

- name: Benutzer anlegen (falls nicht vorhanden)
  ansible.builtin.user:
    name: "{{ ssh_user }}"
    shell: /bin/bash
    create_home: true

- name: SSH-Verzeichnis anlegen
  ansible.builtin.file:
    path: "/home/{{ ssh_user }}/.ssh"
    state: directory
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0700'

- name: Trusted SSH keys von GitHub laden
  ansible.builtin.get_url:
    url: "{{ ssh_auth_keys_url }}"
    dest: "/home/{{ ssh_user }}/.ssh/trusted_ssh_keys"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0644'

- name: Alle geladenen Keys in authorized_keys eintragen
  ansible.builtin.command: >
    bash -c "cat /home/{{ ssh_user }}/.ssh/trusted_ssh_keys >> /home/{{ ssh_user }}/.ssh/authorized_keys"
  args:
    creates: "/home/{{ ssh_user }}/.ssh/authorized_keys"
  become: true

- name: Permissions für authorized_keys setzen
  ansible.builtin.file:
    path: "/home/{{ ssh_user }}/.ssh/authorized_keys"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0600'

- name: SSH-Konfiguration per Template übertragen
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
  notify: Restart SSH
  vars:
    is_proxmox: "{{ pve_check.stat.exists }}"
add install_ssh role 2025-06-10 21:05:04 +02:00			`---`
			`- name: Paketlisten aktualisieren`
linting 2025-06-10 22:07:03 +02:00			`ansible.builtin.apt:`
			`update_cache: true`
add install_ssh role 2025-06-10 21:05:04 +02:00			`cache_valid_time: 3600`

add a proxmox condition to activate neccessary entries in sshd_config 2025-06-28 15:27:33 +02:00			`- name: Detect if system is Proxmox (by checking /etc/pve)`
			`stat:`
			`path: /etc/pve`
			`register: pve_check`

add install_ssh role 2025-06-10 21:05:04 +02:00			`- name: OpenSSH Server installieren`
linting 2025-06-10 22:07:03 +02:00			`ansible.builtin.apt:`
add install_ssh role 2025-06-10 21:05:04 +02:00			`name: openssh-server`
			`state: present`

			`- name: Benutzer anlegen (falls nicht vorhanden)`
linting 2025-06-10 22:07:03 +02:00			`ansible.builtin.user:`
add install_ssh role 2025-06-10 21:05:04 +02:00			`name: "{{ ssh_user }}"`
			`shell: /bin/bash`
linting 2025-06-10 22:07:03 +02:00			`create_home: true`
add install_ssh role 2025-06-10 21:05:04 +02:00
			`- name: SSH-Verzeichnis anlegen`
linting 2025-06-10 22:07:03 +02:00			`ansible.builtin.file:`
add install_ssh role 2025-06-10 21:05:04 +02:00			`path: "/home/{{ ssh_user }}/.ssh"`
			`state: directory`
			`owner: "{{ ssh_user }}"`
			`group: "{{ ssh_user }}"`
			`mode: '0700'`

refactor: update SSH key management to load keys from a URL and set permissions 2025-08-14 18:12:14 +02:00			`- name: Trusted SSH keys von GitHub laden`
			`ansible.builtin.get_url:`
			`url: "{{ ssh_auth_keys_url }}"`
			`dest: "/home/{{ ssh_user }}/.ssh/trusted_ssh_keys"`
			`owner: "{{ ssh_user }}"`
			`group: "{{ ssh_user }}"`
			`mode: '0644'`

			`- name: Alle geladenen Keys in authorized_keys eintragen`
			`ansible.builtin.command: >`
			`bash -c "cat /home/{{ ssh_user }}/.ssh/trusted_ssh_keys >> /home/{{ ssh_user }}/.ssh/authorized_keys"`
			`args:`
			`creates: "/home/{{ ssh_user }}/.ssh/authorized_keys"`
			`become: true`

			`- name: Permissions für authorized_keys setzen`
			`ansible.builtin.file:`
			`path: "/home/{{ ssh_user }}/.ssh/authorized_keys"`
add install_ssh role 2025-06-10 21:05:04 +02:00			`owner: "{{ ssh_user }}"`
			`group: "{{ ssh_user }}"`
			`mode: '0600'`

			`- name: SSH-Konfiguration per Template übertragen`
linting 2025-06-10 22:07:03 +02:00			`ansible.builtin.template:`
add install_ssh role 2025-06-10 21:05:04 +02:00			`src: sshd_config.j2`
			`dest: /etc/ssh/sshd_config`
			`owner: root`
			`group: root`
			`mode: '0644'`
linting 2025-06-10 22:07:03 +02:00			`notify: Restart SSH`
add a proxmox condition to activate neccessary entries in sshd_config 2025-06-28 15:27:33 +02:00			`vars:`
			`is_proxmox: "{{ pve_check.stat.exists }}"`