add install_ssh role

roles/server_install_ssh/defaults/main.yml

@@ -0,0 +1,8 @@
+# Standard-SSH-Benutzer
+ssh_user: skulladmin
+
+# Platzhalter-Key
+ssh_public_key: ""
+
+# SSH-Port
+ssh_port: 22

roles/server_install_ssh/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart SSH
+  service:
+    name: ssh
+    state: restarted

roles/server_install_ssh/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+- name: Paketlisten aktualisieren
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: OpenSSH Server installieren
+  apt:
+    name: openssh-server
+    state: present
+
+- name: Benutzer anlegen (falls nicht vorhanden)
+  user:
+    name: "{{ ssh_user }}"
+    shell: /bin/bash
+    create_home: yes
+
+- name: SSH-Verzeichnis anlegen
+  file:
+    path: "/home/{{ ssh_user }}/.ssh"
+    state: directory
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0700'
+
+- name: SSH-Key eintragen
+  copy:
+    content: "{{ ssh_public_key }}"
+    dest: "/home/{{ ssh_user }}/.ssh/authorized_keys"
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0600'
+
+- name: SSH-Konfiguration per Template übertragen
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart SSH

roles/server_install_ssh/templates/sshd_config.j2

@@ -0,0 +1,18 @@
+# OpenSSH server configuration (managed by Ansible)
+Port {{ ssh_port }}
+Protocol 2
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding no
+AllowUsers {{ ssh_user }}
+ClientAliveInterval 300
+ClientAliveCountMax 2
+LoginGraceTime 30
+MaxAuthTries 3
+AllowTcpForwarding no
+PermitEmptyPasswords no
+PrintMotd no
+UseDNS no
+Compression no