iac_stack/roles/server_install_ssh/tasks/main.yml

---
- name: Paketlisten aktualisieren
  ansible.builtin.apt:
    update_cache: true
    cache_valid_time: 3600

- name: Detect if system is Proxmox (by checking /etc/pve)
  stat:
    path: /etc/pve
  register: pve_check

- name: OpenSSH Server installieren
  ansible.builtin.apt:
    name: openssh-server
    state: present

- name: Benutzer anlegen (falls nicht vorhanden)
  ansible.builtin.user:
    name: "{{ ssh_user }}"
    shell: /bin/bash
    create_home: true

- name: SSH-Verzeichnis anlegen
  ansible.builtin.file:
    path: "/home/{{ ssh_user }}/.ssh"
    state: directory
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0700'

- name: SSH-Key eintragen
  ansible.builtin.copy:
    content: "{{ ssh_public_key }}"
    dest: "/home/{{ ssh_user }}/.ssh/authorized_keys"
    owner: "{{ ssh_user }}"
    group: "{{ ssh_user }}"
    mode: '0600'

- name: SSH-Konfiguration per Template übertragen
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
  notify: Restart SSH
  vars:
    is_proxmox: "{{ pve_check.stat.exists }}"